Oval Definition:oval:org.mitre.oval:def:6719
Revision Date:2014-06-23Version:20
Title:DSA-1985 sendmail -- insufficient input validation
Description:It was discovered that sendmail, a Mail Transport Agent, does not properly handle a "\0" character in a Common Name field of an X.509 certificate. This allows an attacker to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2009-4565
DSA-1985
Platform(s):Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
Product(s):sendmail
Definition Synopsis
  • Release section
  • Debian GNU/Linux 5.0 is installed
  • AND Architecture section
  • Architecture independent section
  • Installed architecture is all
  • AND Packages section
  • sendmail-base is earlier than 8.14.3-5+lenny1
  • OR sendmail-cf is earlier than 8.14.3-5+lenny1
  • OR sendmail-doc is earlier than 8.14.3-5+lenny1
  • OR sendmail is earlier than 8.14.3-5+lenny1
  • OR Architecture dependent section
  • Supported architectures section
  • Installed architecture is s390
  • OR Installed architecture is amd64
  • OR Installed architecture is sparc
  • OR Installed architecture is arm
  • OR Installed architecture is i386
  • OR Installed architecture is armel
  • OR Installed architecture is mips
  • OR Installed architecture is ia64
  • OR Installed architecture is alpha
  • OR Installed architecture is powerpc
  • OR Installed architecture is mipsel
  • OR Installed architecture is hppa
  • AND Packages section
  • rmail is earlier than 8.14.3-5+lenny1
  • OR sendmail-bin is earlier than 8.14.3-5+lenny1
  • OR libmilter-dev is earlier than 8.14.3-5+lenny1
  • OR sensible-mda is earlier than 8.14.3-5+lenny1
  • OR libmilter1.0.1 is earlier than 8.14.3-5+lenny1
  • OR libmilter1.0.1-dbg is earlier than 8.14.3-5+lenny1
  • OR Release section
  • Debian GNU/Linux 4.0 is installed.
  • AND Architecture section
  • Architecture independent section
  • Installed architecture is all
  • AND Packages section
  • sendmail-base is earlier than 8.13.8-3+etch1
  • OR sendmail-cf is earlier than 8.13.8-3+etch1
  • OR sendmail-doc is earlier than 8.13.8-3+etch1
  • OR sendmail is earlier than 8.13.8-3+etch1
  • OR Architecture dependent section
  • Supported architectures section
  • Installed architecture is s390
  • OR Installed architecture is amd64
  • OR Installed architecture is sparc
  • OR Installed architecture is arm
  • OR Installed architecture is i386
  • OR Installed architecture is ia64
  • OR Installed architecture is alpha
  • OR Installed architecture is powerpc
  • OR Installed architecture is mipsel
  • OR Installed architecture is hppa
  • AND Packages section
  • rmail is earlier than 8.13.8-3+etch1
  • OR libmilter0 is earlier than 8.13.8-3+etch1
  • OR sendmail-bin is earlier than 8.13.8-3+etch1
  • OR libmilter0-dbg is earlier than 8.13.8-3+etch1
  • OR libmilter-dev is earlier than 8.13.8-3+etch1
  • OR sensible-mda is earlier than 8.13.8-3+etch1
    • BACK