7.5 - DSA-1985

Executive Summary

Summary
Title	New sendmail packages fix SSL certificate verification weakness

Informations
Name	DSA-1985	First vendor Publication	2010-01-31
Vendor	Debian	Last vendor Modification	2010-01-31
Severity (Vendor)	N/A	Revision	1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

It was discovered that sendmail, a Mail Transport Agent, does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate. This allows an attacker to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority.

For the oldstable distribution (etch), this problem has been fixed in version 8.13.8-3+etch1

For the stable distribution (lenny), this problem has been fixed in version 8.14.3-5+lenny1

For the unstable distribution (sid), this problem has been fixed in version 8.14.3-9.1, and will migrate to the testing distribution (squeeze) shortly.

We recommend that you upgrade your sendmail package.

Original Source

Url : http://www.debian.org/security/2010/dsa-1985

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-310	Cryptographic Issues

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10255

Oval ID:	oval:org.mitre.oval:def:10255
Title:	sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Description:	sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-4565	Version:	5
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section sendmail is earlier than 0:8.13.8-8.el5 AND sendmail-doc is earlier than 0:8.13.8-8.el5 AND sendmail-cf is earlier than 0:8.13.8-8.el5 AND sendmail-devel is earlier than 0:8.13.8-8.el5

Definition Id: oval:org.mitre.oval:def:11822

Oval ID:	oval:org.mitre.oval:def:11822
Title:	HP-UX Running sendmail with STARTTLS Enabled, Remote Unauthorized Access.
Description:	sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-4565	Version:	11
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02508 HP Release B.11.23 AND filesets tests SMAIL-UPGRADE.INET-SMAIL version is less than B.11.23.1.007 AND SMAIL-UPGRADE.INET2-SMAIL version is less than B.11.23.1.007 OR Criteria meets HP Security Bulletin HPSBUX02508 HP Release B.11.11 AND SMAIL-UPGRADE.INETSVCS-SMAIL version is less than B.11.11.02.008 OR Criteria meets HP Security Bulletin HPSBUX02508 HP-UX B.11.31 AND filesets tests Sendmail.SENDMAIL-AUX version is less than C.8.13.3.5 AND Sendmail.SENDMAIL-RUN version is less than C.8.13.3.5

Definition Id: oval:org.mitre.oval:def:20232

Oval ID:	oval:org.mitre.oval:def:20232
Title:	DSA-1985-1 sendmail - insufficient input validation
Description:	It was discovered that sendmail, a Mail Transport Agent, does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate.
Family:	unix	Class:	patch
Reference(s):	DSA-1985-1 CVE-2009-4565	Version:	5
Platform(s):	Debian GNU/Linux 4.0 Debian GNU/Linux 5.0	Product(s):	sendmail
Definition Synopsis:
Release section Debian GNU/Linux 4.0 is installed. AND sendmail DPKG is earlier than 0:8.13.8-3+etch1 AND Release section Debian GNU/Linux 5.0 is installed AND sendmail DPKG is earlier than 0:8.14.3-5+lenny1

Definition Id: oval:org.mitre.oval:def:22058

Oval ID:	oval:org.mitre.oval:def:22058
Title:	RHSA-2010:0237: sendmail security and bug fix update (Low)
Description:	sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Family:	unix	Class:	patch
Reference(s):	RHSA-2010:0237-05 CVE-2006-7176 CVE-2009-4565	Version:	29
Platform(s):	Red Hat Enterprise Linux 5	Product(s):	sendmail
Definition Synopsis:
The operating system installed on the system is Red Hat Enterprise Linux 5 Packages section sendmail is earlier than 0:8.13.8-8.el5 AND sendmail-doc is earlier than 0:8.13.8-8.el5 AND sendmail-devel is earlier than 0:8.13.8-8.el5 AND sendmail-cf is earlier than 0:8.13.8-8.el5

Definition Id: oval:org.mitre.oval:def:23064

Oval ID:	oval:org.mitre.oval:def:23064
Title:	ELSA-2010:0237: sendmail security and bug fix update (Low)
Description:	sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Family:	unix	Class:	patch
Reference(s):	ELSA-2010:0237-05 CVE-2006-7176 CVE-2009-4565	Version:	13
Platform(s):	Oracle Linux 5	Product(s):	sendmail
Definition Synopsis:
Oracle Linux 5.x rpm test sendmail is earlier than 0:8.13.8-8.el5 AND sendmail-doc is earlier than 0:8.13.8-8.el5 AND sendmail-devel is earlier than 0:8.13.8-8.el5 AND sendmail-cf is earlier than 0:8.13.8-8.el5

Definition Id: oval:org.mitre.oval:def:27847

Oval ID:	oval:org.mitre.oval:def:27847
Title:	DEPRECATED: ELSA-2010-0237 -- sendmail security and bug fix update (low)
Description:	[8.13.8-8] - rpm attributes S,5,T not recorded for statistics file [8.13.8-7] - fix specfile for passing rpm -V test (#555277) [8.13.8-6.el5] - fix verification of SSL certificate with NUL in name (#553618, CVE-2009-4565) - do not accept localhost.localdomain as valid address from smtp (#449391) - skip colon separator when parsing service name in ServiceSwitchFile (#512871) - exit with non-zero error code when free space is low (#299951) - fix -qG description in man page (#250552) - fix comments in sendmail.mc to use correct certs path (#244012) - add MTA to provides (#494408) - fix %dist macro use (#440616) - compile with -fno-strict-aliasing - skip t-sem test as it doesn't allow parallel testing
Family:	unix	Class:	patch
Reference(s):	ELSA-2010-0237 CVE-2006-7176 CVE-2009-4565	Version:	4
Platform(s):	Oracle Linux 5	Product(s):	sendmail
Definition Synopsis:
Oracle Linux 5.x Packages match section sendmail is earlier than 0:8.13.8-8.el5 AND sendmail-cf is earlier than 0:8.13.8-8.el5 AND sendmail-devel is earlier than 0:8.13.8-8.el5 AND sendmail-doc is earlier than 0:8.13.8-8.el5

Definition Id: oval:org.mitre.oval:def:6719

Oval ID:	oval:org.mitre.oval:def:6719
Title:	DSA-1985 sendmail -- insufficient input validation
Description:	It was discovered that sendmail, a Mail Transport Agent, does not properly handle a "\0" character in a Common Name field of an X.509 certificate. This allows an attacker to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority.
Family:	unix	Class:	patch
Reference(s):	DSA-1985 CVE-2009-4565	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	sendmail
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section sendmail-base is earlier than 8.14.3-5+lenny1 AND sendmail-cf is earlier than 8.14.3-5+lenny1 AND sendmail-doc is earlier than 8.14.3-5+lenny1 AND sendmail is earlier than 8.14.3-5+lenny1 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section rmail is earlier than 8.14.3-5+lenny1 AND sendmail-bin is earlier than 8.14.3-5+lenny1 AND libmilter-dev is earlier than 8.14.3-5+lenny1 AND sensible-mda is earlier than 8.14.3-5+lenny1 AND libmilter1.0.1 is earlier than 8.14.3-5+lenny1 AND libmilter1.0.1-dbg is earlier than 8.14.3-5+lenny1 OR Release section Debian GNU/Linux 4.0 is installed. AND Architecture section Architecture independent section Installed architecture is all AND Packages section sendmail-base is earlier than 8.13.8-3+etch1 AND sendmail-cf is earlier than 8.13.8-3+etch1 AND sendmail-doc is earlier than 8.13.8-3+etch1 AND sendmail is earlier than 8.13.8-3+etch1 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section rmail is earlier than 8.13.8-3+etch1 AND libmilter0 is earlier than 8.13.8-3+etch1 AND sendmail-bin is earlier than 8.13.8-3+etch1 AND libmilter0-dbg is earlier than 8.13.8-3+etch1 AND libmilter-dev is earlier than 8.13.8-3+etch1 AND sensible-mda is earlier than 8.13.8-3+etch1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Sendmail cpe:2.3:a:sendmail:sendmail:8.9.3:::::::* cpe:2.3:a:sendmail:sendmail:8.9.2:::::::* cpe:2.3:a:sendmail:sendmail:8.9.1:::::::* cpe:2.3:a:sendmail:sendmail:8.9.0:::::::* cpe:2.3:a:sendmail:sendmail:8.8.8:::::::* cpe:2.3:a:sendmail:sendmail:8.7.9:::::::* cpe:2.3:a:sendmail:sendmail:8.7.8:::::::* cpe:2.3:a:sendmail:sendmail:8.7.7:::::::* cpe:2.3:a:sendmail:sendmail:8.7.6:::::::* cpe:2.3:a:sendmail:sendmail:8.7.10:::::::* cpe:2.3:a:sendmail:sendmail:8.6.7:::::::* cpe:2.3:a:sendmail:sendmail:8.14.3:::::::* cpe:2.3:a:sendmail:sendmail:8.14.2:::::::* cpe:2.3:a:sendmail:sendmail:8.14.1:::::::* cpe:2.3:a:sendmail:sendmail:8.14.0:::::::* cpe:2.3:a:sendmail:sendmail:8.13.8:::::::* cpe:2.3:a:sendmail:sendmail:8.13.7:::::::* cpe:2.3:a:sendmail:sendmail:8.13.6:::::::* cpe:2.3:a:sendmail:sendmail:8.13.5:::::::* cpe:2.3:a:sendmail:sendmail:8.13.4:::::::* cpe:2.3:a:sendmail:sendmail:8.13.3:::::::* cpe:2.3:a:sendmail:sendmail:8.13.2:::::::* cpe:2.3:a:sendmail:sendmail:8.13.1.2:::::::* cpe:2.3:a:sendmail:sendmail:8.13.1:::::::* cpe:2.3:a:sendmail:sendmail:8.13.0:::::::* cpe:2.3:a:sendmail:sendmail:8.12.9:::::::* cpe:2.3:a:sendmail:sendmail:8.12.8:::::::* cpe:2.3:a:sendmail:sendmail:8.12.7:::::::* cpe:2.3:a:sendmail:sendmail:8.12.6:::::::* cpe:2.3:a:sendmail:sendmail:8.12.5:::::::* cpe:2.3:a:sendmail:sendmail:8.12.4:::::::* cpe:2.3:a:sendmail:sendmail:8.12.3:::::::* cpe:2.3:a:sendmail:sendmail:8.12.2:::::::* cpe:2.3:a:sendmail:sendmail:8.12.11:::::::* cpe:2.3:a:sendmail:sendmail:8.12.10:::::::* cpe:2.3:a:sendmail:sendmail:8.12.1:::::::* cpe:2.3:a:sendmail:sendmail:8.12.0:::::::* cpe:2.3:a:sendmail:sendmail:8.12:beta10:::::: cpe:2.3:a:sendmail:sendmail:8.12:beta16:::::: cpe:2.3:a:sendmail:sendmail:8.12:beta12:::::: cpe:2.3:a:sendmail:sendmail:8.12:beta5:::::: cpe:2.3:a:sendmail:sendmail:8.12:beta7:::::: cpe:2.3:a:sendmail:sendmail:8.11.7:::::::* cpe:2.3:a:sendmail:sendmail:8.11.6:::::::* cpe:2.3:a:sendmail:sendmail:8.11.5:::::::* cpe:2.3:a:sendmail:sendmail:8.11.4:::::::* cpe:2.3:a:sendmail:sendmail:8.11.3:::::::* cpe:2.3:a:sendmail:sendmail:8.11.2:::::::* cpe:2.3:a:sendmail:sendmail:8.11.1:::::::* cpe:2.3:a:sendmail:sendmail:8.11.0:::::::* cpe:2.3:a:sendmail:sendmail:8.10.2:::::::* cpe:2.3:a:sendmail:sendmail:8.10.1:::::::* cpe:2.3:a:sendmail:sendmail:8.10.0:::::::* cpe:2.3:a:sendmail:sendmail:8.10:::::::* cpe:2.3:a:sendmail:sendmail:5.65:::::::* cpe:2.3:a:sendmail:sendmail:5.61:::::::* cpe:2.3:a:sendmail:sendmail:5.59:::::::* cpe:2.3:a:sendmail:sendmail:5:::::::* cpe:2.3:a:sendmail:sendmail:4.55:::::::* cpe:2.3:a:sendmail:sendmail:4.1:::::::* cpe:2.3:a:sendmail:sendmail:3.0.3:::::::* cpe:2.3:a:sendmail:sendmail:3.0.2:::::::* cpe:2.3:a:sendmail:sendmail:3.0.2::nt::::: cpe:2.3:a:sendmail:sendmail:3.0.1:::::::* cpe:2.3:a:sendmail:sendmail:3.0.1::nt::::: cpe:2.3:a:sendmail:sendmail:3.0:::::::* cpe:2.3:a:sendmail:sendmail:3.0::nt::::: cpe:2.3:a:sendmail:sendmail:2.6.2:::::::* cpe:2.3:a:sendmail:sendmail:2.6.1:::::::* cpe:2.3:a:sendmail:sendmail:2.6.1::nt::::: cpe:2.3:a:sendmail:sendmail:2.6:::::::* cpe:2.3:a:sendmail:sendmail:2.6::nt::::: cpe:2.3:a:sendmail:sendmail::::::::	73

OpenVAS Exploits

Date	Description
2012-08-10	Name : Gentoo Security Advisory GLSA 201206-30 (sendmail) File : nvt/glsa_201206_30.nasl
2011-02-18	Name : RedHat Update for sendmail RHSA-2011:0262-01 File : nvt/gb_RHSA-2011_0262-01_sendmail.nasl
2010-06-25	Name : Fedora Update for sendmail FEDORA-2010-5470 File : nvt/gb_fedora_2010_5470_sendmail_fc12.nasl
2010-06-18	Name : Fedora Update for sendmail FEDORA-2010-5399 File : nvt/gb_fedora_2010_5399_sendmail_fc11.nasl
2010-04-06	Name : RedHat Update for sendmail RHSA-2010:0237-05 File : nvt/gb_RHSA-2010_0237-05_sendmail.nasl
2010-03-31	Name : HP-UX Update for sendmail with STARTTLS Enabled HPSBUX02508 File : nvt/gb_hp_ux_HPSBUX02508.nasl
2010-01-19	Name : Mandriva Update for sendmail MDVSA-2010:003 (sendmail) File : nvt/gb_mandriva_MDVSA_2010_003.nasl
2010-01-04	Name : Sendmail NULL Character CA SSL Certificate Validation Security Bypass Vulnera... File : nvt/sendmail_37543.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
62373	Sendmail X.509 Certificate Null Character MiTM Spoofing Weakness

Information Assurance Vulnerability Management (IAVM)

Date	Description
2010-01-07	IAVM : 2010-A-0002 - Sendmail SSL Certificate Validation Vulnerability Severity : Category I - VMSKEY : V0022182

Nessus® Vulnerability Scanner

Date	Description
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0262.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote AIX host is missing a security patch. File : aix_IZ72510.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote AIX host is missing a security patch. File : aix_IZ72837.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote AIX host is missing a security patch. File : aix_IZ72836.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote AIX host is missing a security patch. File : aix_IZ72835.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote AIX host is missing a security patch. File : aix_IZ72528.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote AIX host is missing a security patch. File : aix_IZ72515.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote AIX host is missing a security patch. File : aix_IZ72834.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote AIX host is missing a security patch. File : aix_IZ70637.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110216_sendmail_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100330_sendmail_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-06-26	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-30.nasl - Type : ACT_GATHER_INFO
2011-04-22	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0262.nasl - Type : ACT_GATHER_INFO
2010-10-11	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_sendmail-6860.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-5470.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-5399.nasl - Type : ACT_GATHER_INFO
2010-05-11	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0237.nasl - Type : ACT_GATHER_INFO
2010-03-02	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12590.nasl - Type : ACT_GATHER_INFO
2010-03-01	Name : The remote openSUSE host is missing a security update. File : suse_11_0_rmail-100218.nasl - Type : ACT_GATHER_INFO
2010-03-01	Name : The remote openSUSE host is missing a security update. File : suse_11_1_rmail-100218.nasl - Type : ACT_GATHER_INFO
2010-03-01	Name : The remote openSUSE host is missing a security update. File : suse_11_2_rmail-100218.nasl - Type : ACT_GATHER_INFO
2010-03-01	Name : The remote SuSE 11 host is missing a security update. File : suse_11_rmail-100218.nasl - Type : ACT_GATHER_INFO
2010-03-01	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_sendmail-6859.nasl - Type : ACT_GATHER_INFO
2010-02-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1985.nasl - Type : ACT_GATHER_INFO
2010-01-13	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-003.nasl - Type : ACT_GATHER_INFO
2010-01-05	Name : The remote mail server is susceptible to a man-in-the-middle attack. File : sendmail_8_14_4.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:29:12	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	7
CPE ID(s)	73
osvdb(s)	1
Openvas Exploit(s)	8
IAVM(s)	1
Nessus® Exploit(s)	26

	Related
7.5	CVE-2009-4565
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

7.5 - DSA-1985

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Information Assurance Vulnerability Management (IAVM)

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU