oval:org.mitre.oval:def:11822

Definition Id: oval:org.mitre.oval:def:11822

Oval ID:	oval:org.mitre.oval:def:11822
Title:	HP-UX Running sendmail with STARTTLS Enabled, Remote Unauthorized Access.
Description:	sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-4565	Version:	11
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02508 HP Release B.11.23 AND filesets tests SMAIL-UPGRADE.INET-SMAIL version is less than B.11.23.1.007 AND SMAIL-UPGRADE.INET2-SMAIL version is less than B.11.23.1.007 OR Criteria meets HP Security Bulletin HPSBUX02508 HP Release B.11.11 AND SMAIL-UPGRADE.INETSVCS-SMAIL version is less than B.11.11.02.008 OR Criteria meets HP Security Bulletin HPSBUX02508 HP-UX B.11.31 AND filesets tests Sendmail.SENDMAIL-AUX version is less than C.8.13.3.5 AND Sendmail.SENDMAIL-RUN version is less than C.8.13.3.5