Executive Summary

Summary
Title HP-UX Running sendmail with STARTTLS Enabled, Remote Unauthorized Access
Informations
Name HPSBUX02508 SSRT100007 First vendor Publication 2010-03-24
Vendor HP Last vendor Modification 2010-04-20
Severity (Vendor) N/A Revision 2

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A potential security vulnerability has been identified with HP-UX running sendmail and STARTTLS enabled. This vulnerability could allow a user to gain remote unauthorized access.

Original Source

Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02009860

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-310 Cryptographic Issues

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10255
 
Oval ID: oval:org.mitre.oval:def:10255
Title: sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Description: sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4565
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11822
 
Oval ID: oval:org.mitre.oval:def:11822
Title: HP-UX Running sendmail with STARTTLS Enabled, Remote Unauthorized Access.
Description: sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4565
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20232
 
Oval ID: oval:org.mitre.oval:def:20232
Title: DSA-1985-1 sendmail - insufficient input validation
Description: It was discovered that sendmail, a Mail Transport Agent, does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate.
Family: unix Class: patch
Reference(s): DSA-1985-1
CVE-2009-4565
Version: 5
Platform(s): Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
Product(s): sendmail
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22058
 
Oval ID: oval:org.mitre.oval:def:22058
Title: RHSA-2010:0237: sendmail security and bug fix update (Low)
Description: sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Family: unix Class: patch
Reference(s): RHSA-2010:0237-05
CVE-2006-7176
CVE-2009-4565
Version: 29
Platform(s): Red Hat Enterprise Linux 5
Product(s): sendmail
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23064
 
Oval ID: oval:org.mitre.oval:def:23064
Title: ELSA-2010:0237: sendmail security and bug fix update (Low)
Description: sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Family: unix Class: patch
Reference(s): ELSA-2010:0237-05
CVE-2006-7176
CVE-2009-4565
Version: 13
Platform(s): Oracle Linux 5
Product(s): sendmail
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27847
 
Oval ID: oval:org.mitre.oval:def:27847
Title: DEPRECATED: ELSA-2010-0237 -- sendmail security and bug fix update (low)
Description: [8.13.8-8] - rpm attributes S,5,T not recorded for statistics file [8.13.8-7] - fix specfile for passing rpm -V test (#555277) [8.13.8-6.el5] - fix verification of SSL certificate with NUL in name (#553618, CVE-2009-4565) - do not accept localhost.localdomain as valid address from smtp (#449391) - skip colon separator when parsing service name in ServiceSwitchFile (#512871) - exit with non-zero error code when free space is low (#299951) - fix -qG description in man page (#250552) - fix comments in sendmail.mc to use correct certs path (#244012) - add MTA to provides (#494408) - fix %dist macro use (#440616) - compile with -fno-strict-aliasing - skip t-sem test as it doesn't allow parallel testing
Family: unix Class: patch
Reference(s): ELSA-2010-0237
CVE-2006-7176
CVE-2009-4565
Version: 4
Platform(s): Oracle Linux 5
Product(s): sendmail
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6719
 
Oval ID: oval:org.mitre.oval:def:6719
Title: DSA-1985 sendmail -- insufficient input validation
Description: It was discovered that sendmail, a Mail Transport Agent, does not properly handle a "\0" character in a Common Name field of an X.509 certificate. This allows an attacker to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority.
Family: unix Class: patch
Reference(s): DSA-1985
CVE-2009-4565
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): sendmail
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 73

OpenVAS Exploits

Date Description
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-30 (sendmail)
File : nvt/glsa_201206_30.nasl
2011-02-18 Name : RedHat Update for sendmail RHSA-2011:0262-01
File : nvt/gb_RHSA-2011_0262-01_sendmail.nasl
2010-06-25 Name : Fedora Update for sendmail FEDORA-2010-5470
File : nvt/gb_fedora_2010_5470_sendmail_fc12.nasl
2010-06-18 Name : Fedora Update for sendmail FEDORA-2010-5399
File : nvt/gb_fedora_2010_5399_sendmail_fc11.nasl
2010-04-06 Name : RedHat Update for sendmail RHSA-2010:0237-05
File : nvt/gb_RHSA-2010_0237-05_sendmail.nasl
2010-03-31 Name : HP-UX Update for sendmail with STARTTLS Enabled HPSBUX02508
File : nvt/gb_hp_ux_HPSBUX02508.nasl
2010-01-19 Name : Mandriva Update for sendmail MDVSA-2010:003 (sendmail)
File : nvt/gb_mandriva_MDVSA_2010_003.nasl
2010-01-04 Name : Sendmail NULL Character CA SSL Certificate Validation Security Bypass Vulnera...
File : nvt/sendmail_37543.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
62373 Sendmail X.509 Certificate Null Character MiTM Spoofing Weakness

Information Assurance Vulnerability Management (IAVM)

Date Description
2010-01-07 IAVM : 2010-A-0002 - Sendmail SSL Certificate Validation Vulnerability
Severity : Category I - VMSKEY : V0022182

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0262.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote AIX host is missing a security patch.
File : aix_IZ72510.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote AIX host is missing a security patch.
File : aix_IZ72837.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote AIX host is missing a security patch.
File : aix_IZ72836.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote AIX host is missing a security patch.
File : aix_IZ72835.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote AIX host is missing a security patch.
File : aix_IZ72528.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote AIX host is missing a security patch.
File : aix_IZ72515.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote AIX host is missing a security patch.
File : aix_IZ72834.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote AIX host is missing a security patch.
File : aix_IZ70637.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110216_sendmail_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100330_sendmail_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-06-26 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201206-30.nasl - Type : ACT_GATHER_INFO
2011-04-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0262.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_sendmail-6860.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-5470.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-5399.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0237.nasl - Type : ACT_GATHER_INFO
2010-03-02 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12590.nasl - Type : ACT_GATHER_INFO
2010-03-01 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_rmail-100218.nasl - Type : ACT_GATHER_INFO
2010-03-01 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_rmail-100218.nasl - Type : ACT_GATHER_INFO
2010-03-01 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_rmail-100218.nasl - Type : ACT_GATHER_INFO
2010-03-01 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_rmail-100218.nasl - Type : ACT_GATHER_INFO
2010-03-01 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_sendmail-6859.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1985.nasl - Type : ACT_GATHER_INFO
2010-01-13 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-003.nasl - Type : ACT_GATHER_INFO
2010-01-05 Name : The remote mail server is susceptible to a man-in-the-middle attack.
File : sendmail_8_14_4.nasl - Type : ACT_GATHER_INFO