Gentoo Linux Security Advisory 201206-30 - An error in the hostname matching in sendmail might enable remote attackers to conduct man-in-the-middle attacks. Versions less than 8.14.4 are affected.
e81c680a240ecc016d13ad4e7e1e4963af6de79ece9e1a280f15e3e3925484acHP Security Bulletin - A potential security vulnerability has been identified with HP-UX running sendmail and STARTTLS enabled. This vulnerability could allow a user to gain remote unauthorized access.
84d58862143bcda903056b353d962ad14bccd9639e6cd2e9f8830ca835e51382Debian Linux Security Advisory 1985-1 - It was discovered that sendmail, a Mail Transport Agent, does not properly handle a '\\0' character in a Common Name (CN) field of an X.509 certificate. This allows an attacker to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority.
7f363bfc3756efe52291262afeda37362d40aa4743af918350401f623bf2e9ccMandriva Linux Security Advisory 2010-003 - sendmail before 8.14.4 does not properly handle a '\\0' (NUL) character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides a fix for this vulnerability.
6a0b749906bd2570fc2a1ed587e5404a72ae2b8800fbf7d9dcf16049002ad696
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed