Oval Definition:oval:org.mitre.oval:def:11822
Revision Date:2015-04-20
Version:28
Title:HP-UX Running sendmail with STARTTLS Enabled, Remote Unauthorized Access.
Description:sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Family:unix
Class:vulnerability
Status:ACCEPTED
Reference(s):CVE-2009-4565
Platform(s):HP-UX 11
Product(s):
Definition Synopsis
  • Criteria meets HP Security Bulletin HPSBUX02508
    • HP-UX B.11.23
    • AND filesets tests
      • SMAIL-UPGRADE.INET-SMAIL version is less than B.11.23.1.007
      • OR SMAIL-UPGRADE.INET2-SMAIL version is less than B.11.23.1.007
  • OR Criteria meets HP Security Bulletin HPSBUX02508
    • HP-UX B.11.11
    • AND SMAIL-UPGRADE.INETSVCS-SMAIL version is less than B.11.11.02.008
  • OR Criteria meets HP Security Bulletin HPSBUX02508
    • HP-UX B.11.31
    • AND filesets tests
      • Sendmail.SENDMAIL-AUX version is less than C.8.13.3.5
      • OR Sendmail.SENDMAIL-RUN version is less than C.8.13.3.5