 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.67163 |
| Category: | Red Hat Local Security Checks |
| Title: | RedHat Security Advisory RHSA-2010:0237 |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing updates announced in advisory RHSA-2010:0237. Sendmail is a very widely used Mail Transport Agent (MTA). MTAs deliver mail from one machine to another. Sendmail is not a client program, but rather a behind-the-scenes daemon that moves email over networks or the Internet to its final destination. The configuration of sendmail in Red Hat Enterprise Linux was found to not reject the localhost.localdomain domain name for email messages that come from external hosts. This could allow remote attackers to disguise spoofed messages. (CVE-2006-7176) A flaw was found in the way sendmail handled NUL characters in the CommonName field of X.509 certificates. An attacker able to get a carefully-crafted certificate signed by a trusted Certificate Authority could trick sendmail into accepting it by mistake, allowing the attacker to perform a man-in-the-middle attack or bypass intended client certificate authentication. (CVE-2009-4565) Note: The CVE-2009-4565 issue only affected configurations using TLS with certificate verification and CommonName checking enabled, which is not a typical configuration. Solution: All users of sendmail are advised to upgrade to these updated packages, which resolve these issues. Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0237.html http://www.redhat.com/security/updates/classification/#low Risk factor : High CVSS Score: 7.5 |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2006-7176 BugTraq ID: 23742 http://www.securityfocus.com/bid/23742 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171838 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11499 http://www.redhat.com/support/errata/RHSA-2007-0252.html http://secunia.com/advisories/25098 http://secunia.com/advisories/25743 Common Vulnerability Exposure (CVE) ID: CVE-2009-4565 BugTraq ID: 37543 http://www.securityfocus.com/bid/37543 Debian Security Information: DSA-1985 (Google Search) http://www.debian.org/security/2010/dsa-1985 http://security.gentoo.org/glsa/glsa-201206-30.xml HPdes Security Advisory: HPSBUX02508 http://marc.info/?l=bugtraq&m=126953289726317&w=2 HPdes Security Advisory: SSRT100007 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10255 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11822 http://www.redhat.com/support/errata/RHSA-2011-0262.html http://secunia.com/advisories/37998 http://secunia.com/advisories/38314 http://secunia.com/advisories/38915 http://secunia.com/advisories/39088 http://secunia.com/advisories/40109 http://secunia.com/advisories/43366 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021797.1-1 SuSE Security Announcement: SUSE-SR:2010:006 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html http://www.vupen.com/english/advisories/2009/3661 http://www.vupen.com/english/advisories/2010/0719 http://www.vupen.com/english/advisories/2010/1386 http://www.vupen.com/english/advisories/2011/0415 |
| Copyright | Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |