 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.67163 |
| Categoría: | Red Hat Local Security Checks |
| Título: | RedHat Security Advisory RHSA-2010:0237 |
| Resumen: | NOSUMMARY |
| Descripción: | Description: The remote host is missing updates announced in advisory RHSA-2010:0237. Sendmail is a very widely used Mail Transport Agent (MTA). MTAs deliver mail from one machine to another. Sendmail is not a client program, but rather a behind-the-scenes daemon that moves email over networks or the Internet to its final destination. The configuration of sendmail in Red Hat Enterprise Linux was found to not reject the localhost.localdomain domain name for email messages that come from external hosts. This could allow remote attackers to disguise spoofed messages. (CVE-2006-7176) A flaw was found in the way sendmail handled NUL characters in the CommonName field of X.509 certificates. An attacker able to get a carefully-crafted certificate signed by a trusted Certificate Authority could trick sendmail into accepting it by mistake, allowing the attacker to perform a man-in-the-middle attack or bypass intended client certificate authentication. (CVE-2009-4565) Note: The CVE-2009-4565 issue only affected configurations using TLS with certificate verification and CommonName checking enabled, which is not a typical configuration. Solution: All users of sendmail are advised to upgrade to these updated packages, which resolve these issues. Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0237.html http://www.redhat.com/security/updates/classification/#low Risk factor : High CVSS Score: 7.5 |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2006-7176 BugTraq ID: 23742 http://www.securityfocus.com/bid/23742 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171838 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11499 http://www.redhat.com/support/errata/RHSA-2007-0252.html http://secunia.com/advisories/25098 http://secunia.com/advisories/25743 Common Vulnerability Exposure (CVE) ID: CVE-2009-4565 BugTraq ID: 37543 http://www.securityfocus.com/bid/37543 Debian Security Information: DSA-1985 (Google Search) http://www.debian.org/security/2010/dsa-1985 http://security.gentoo.org/glsa/glsa-201206-30.xml HPdes Security Advisory: HPSBUX02508 http://marc.info/?l=bugtraq&m=126953289726317&w=2 HPdes Security Advisory: SSRT100007 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10255 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11822 http://www.redhat.com/support/errata/RHSA-2011-0262.html http://secunia.com/advisories/37998 http://secunia.com/advisories/38314 http://secunia.com/advisories/38915 http://secunia.com/advisories/39088 http://secunia.com/advisories/40109 http://secunia.com/advisories/43366 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021797.1-1 SuSE Security Announcement: SUSE-SR:2010:006 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html http://www.vupen.com/english/advisories/2009/3661 http://www.vupen.com/english/advisories/2010/0719 http://www.vupen.com/english/advisories/2010/1386 http://www.vupen.com/english/advisories/2011/0415 |
| Copyright | Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com |
| Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |