SciLinux: CVE-2006-7176 Low: sendmail SL5.x i386/x86_64
Summary
come from external hosts. This could allow remote attackers to disguise spoofed messages. (CVE-2006-7176)

A flaw was found in the way sendmail handled NUL characters in the CommonName field of X.509 certificates. An attacker able to get a carefully-crafted certificate signed by a trusted Certificate Authority could trick sendmail into accepting it by mistake, allowing the attacker to perform a man-in-the-middle attack or bypass intended client certificate authentication. (CVE-2009-4565)

Note: The CVE-2009-4565 issue only affected configurations using TLS with certificate verification and CommonName checking enabled, which is not a typical configuration.

This update also fixes the following bugs:

* sendmail was unable to parse files specified by the ServiceSwitchFile option which used a colon as a separator. (BZ#512871)
* sendmail incorrectly returned a zero exit code when free space was low. (BZ#299951)
* the sendmail manual page had a blank space between the -qG option and parameter. (BZ#250552)
* the comments in the sendmail.mc file specified the wrong path to SSL certificates. (BZ#244012)
* the sendmail packages did not provide the MTA capability. (BZ#494408)

SL 5.x

SRPMS:
sendmail-8.13.8-8.el5.src.rpm

i386:
sendmail-8.13.8-8.el5.i386.rpm
sendmail-cf-8.13.8-8.el5.i386.rpm
sendmail-devel-8.13.8-8.el5.i386.rpm
sendmail-doc-8.13.8-8.el5.i386.rpm

x86_64:
sendmail-8.13.8-8.el5.x86_64.rpm
sendmail-cf-8.13.8-8.el5.x86_64.rpm
sendmail-devel-8.13.8-8.el5.i386.rpm
sendmail-devel-8.13.8-8.el5.x86_64.rpm
sendmail-doc-8.13.8-8.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson
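
The CommonName issue described above (CVE-2009-4565) is the general problem of comparing a length-delimited certificate field as if it were a NUL-terminated C string. The C code below is an added example, not sendmail's code or the fix shipped in this update; the struct, the function names and the hostnames are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* A CommonName as an ASN.1 parser hands it over: bytes plus an explicit
 * length. The bytes may contain 0x00. (Hypothetical type for this example.) */
struct cn_field {
    const unsigned char *data;
    size_t len;
};

/* Flawed pattern: treats the field as a C string, so the comparison stops at
 * the first NUL and everything after it is never examined. */
int cn_matches_naive(const struct cn_field *cn, const char *expected)
{
    return strcasecmp((const char *)cn->data, expected) == 0;
}

/* Hardened pattern: refuse any CN containing an embedded NUL, then require
 * the full field length to equal the expected name's length. */
int cn_matches_strict(const struct cn_field *cn, const char *expected)
{
    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;                       /* embedded NUL: reject outright */
    if (cn->len != strlen(expected))
        return 0;                       /* trailing or missing bytes */
    return strncasecmp((const char *)cn->data, expected, cn->len) == 0;
}

/* Constructed sample data: a trusted-looking name, a NUL, then a suffix. */
static const unsigned char crafted_bytes[] = "mail.example.org\0.untrusted.example";
static const unsigned char clean_bytes[]   = "mail.example.org";

const struct cn_field crafted_cn = { crafted_bytes, sizeof crafted_bytes - 1 };
const struct cn_field clean_cn   = { clean_bytes,   sizeof clean_bytes - 1 };

int main(void)
{
    const char *expected = "mail.example.org";

    printf("crafted CN: naive=%d strict=%d\n",
           cn_matches_naive(&crafted_cn, expected),
           cn_matches_strict(&crafted_cn, expected));
    printf("clean CN:   naive=%d strict=%d\n",
           cn_matches_naive(&clean_cn, expected),
           cn_matches_strict(&clean_cn, expected));
    return 0;
}
```

The same length-versus-string check applies to any X.509 name field a verifier compares, not only CommonName.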