sendmail-8.13.8-8.0.1.AXS3
Errata ID: AXSA:2010-193:01
Release date:
2010/04/09 Friday - 20:55
Title:
sendmail-8.13.8-8.0.1.AXS3
Affected channels:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
- The sendmail package included in Red Hat Enterprise Linux 4 and MIRACLE LINUX V4.0 does not reject mail messages for the "localhost.localdomain" domain that come from external hosts. (CVE-2006-7176)
- sendmail does not properly handle a '\0' character in the Common Name (CN) field of an X.509 certificate, which allows spoofing of arbitrary SSL-based SMTP servers or bypassing of access restrictions.
This vulnerability is related to CVE-2009-2408. (CVE-2009-4565)
Some of the CVE translations are quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2006-7176
The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages.
CVE-2009-4565
sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
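The CN handling flaw described for CVE-2009-4565, shown as an added example that is not taken from the sendmail source or from this advisory: a C-string comparison next to a length-aware check. The `struct cn_value` type, the function names and the host names are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Assumed stand-in for a certificate CN: raw bytes plus an explicit length.
   ASN.1 strings are length-prefixed, so they may legally contain '\0'. */
struct cn_value { const unsigned char *data; size_t len; };

/* Constructed sample values (not from any real certificate). */
static const unsigned char CN_PLAIN[]   = "mail.example.com";
static const unsigned char CN_CRAFTED[] = "mail.example.com\0.other.example";
static const struct cn_value SAMPLE_PLAIN   = { CN_PLAIN,   sizeof CN_PLAIN - 1 };
static const struct cn_value SAMPLE_CRAFTED = { CN_CRAFTED, sizeof CN_CRAFTED - 1 };

/* Flawed pattern: the CN is treated as a C string, so the comparison stops
   at the first '\0' and never sees the bytes after it. */
static int cn_matches_cstring(const struct cn_value *cn, const char *expected)
{
    return strcasecmp((const char *)cn->data, expected) == 0;
}

/* Checked pattern: reject any CN with an embedded '\0', then compare using
   the full encoded length. */
static int cn_matches_checked(const struct cn_value *cn, const char *expected)
{
    size_t elen = strlen(expected);

    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;
    if (cn->len != elen)
        return 0;
    return strncasecmp((const char *)cn->data, expected, elen) == 0;
}

int main(void)
{
    const char *host = "mail.example.com";

    printf("plain   CN: cstring=%d checked=%d\n",
           cn_matches_cstring(&SAMPLE_PLAIN, host),
           cn_matches_checked(&SAMPLE_PLAIN, host));
    printf("crafted CN: cstring=%d checked=%d\n",
           cn_matches_cstring(&SAMPLE_CRAFTED, host),
           cn_matches_checked(&SAMPLE_CRAFTED, host));
    return 0;
}
```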
Additional information:
N/A
Downloads:
SRPMS
- sendmail-8.13.8-8.0.1.AXS3.src.rpm
MD5: 689ba8bdf48579cac2d75ec0054810d2
SHA-256: 3ab4e3a0c3d2b8c35fa49605b6b1c0ac332ea82dea1edba04e2a51333e152813
Size: 1.97 MB
Asianux Server 3 for x86
- sendmail-8.13.8-8.0.1.AXS3.i386.rpm
MD5: e4de080d501d53006d2a4f6903cf6c43
SHA-256: f92ddc7a6dc814930eafcdf6f0172c94bfe6235ffe03c06b13d3cedc2cbf7dbb
Size: 624.62 kB
- sendmail-cf-8.13.8-8.0.1.AXS3.i386.rpm
MD5: d3c322fecf30ac2d488f10cb01c9ecca
SHA-256: a43de7fa62fe7b1749bd6193434d16942217ef835ca8b5c6941e7a7196f6e25b
Size: 310.94 kB
- sendmail-devel-8.13.8-8.0.1.AXS3.i386.rpm
MD5: 88838ed1da67d673f6c120172f00253c
SHA-256: 391d3eba664fb5d4a0750c7bf85605cd64dd8046a8675abe00cb81dbaea170ba
Size: 128.10 kB
- sendmail-doc-8.13.8-8.0.1.AXS3.i386.rpm
MD5: dbe6ff23e2acb5af8ad09750af975bed
SHA-256: 529a8388c9486bf1f6015c65abc31a83ca35ab8fe53f11ac13fea3f9ab1e15a8
Size: 665.22 kB
Asianux Server 3 for x86_64
- sendmail-8.13.8-8.0.1.AXS3.x86_64.rpm
MD5: ec5b1bcae5340e44a3e2e95b00f69bca
SHA-256: eb3381f4d1dd00632ff9c4f3cff3bd9972dab2b72450b59da8e1ec5cc439af12
Size: 638.73 kB
- sendmail-cf-8.13.8-8.0.1.AXS3.x86_64.rpm
MD5: 6d693378d79a48dc0236e4264d23acd3
SHA-256: 229272167951b394c4cf0bfd62af1416b13d8a8b6f6f08facde1210b1f109ce9
Size: 310.89 kB
- sendmail-devel-8.13.8-8.0.1.AXS3.x86_64.rpm
MD5: 29122ade3bea120d6077c46fbd077888
SHA-256: 625094767a3d7e112b6c03dc139fa530d9d8c68e4f6b9157b905f1eb8ff00058
Size: 132.94 kB
- sendmail-doc-8.13.8-8.0.1.AXS3.x86_64.rpm
MD5: e7210dda92619e9a22251bc93e853820
SHA-256: 29ffb061b5168a82f5e3c0ca1b7644ddb1a0b500f895962be4107f37a26e2f43
Size: 665.19 kB