MDVSA-2010:003

Nom du paquet

sendmail

Date

2010-01-11

Advisory ID

MDVSA-2010:003

Affected versions

2009.0 x86_64 , MES5 i586 , MNF2.0 i586 , 2010.0 x86_64 , 2010.0 i586 , 2009.1 i586 , 2009.0 i586 , CS4.0 i586 , 2008.0 x86_64 , CS4.0 x86_64 , 2008.0 i586 , 2009.1 x86_64 , MES5 x86_64

Problem description

A security vulnerability has been identified and fixed in sendmail:

sendmail before 8.14.4 does not properly handle a '\0' (NUL)
character in a Common Name (CN) field of an X.509 certificate, which
(1) allows man-in-the-middle attackers to spoof arbitrary SSL-based
SMTP servers via a crafted server certificate issued by a legitimate
Certification Authority, and (2) allows remote attackers to bypass
intended access restrictions via a crafted client certificate issued by
a legitimate Certification Authority, a related issue to CVE-2009-2408
(CVE-2009-4565).

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

This update provides a fix for this vulnerability.

Updated packages

2009.0 x86_64

 367a5fe461786ca07bd26f75d5e83b87  2009.0/x86_64/sendmail-8.14.3-2.1mdv2009.0.x86_64.rpm
 74a5d145be5a34309a6b77d86c928221  2009.0/x86_64/sendmail-cf-8.14.3-2.1mdv2009.0.x86_64.rpm
 b0880a184b15a235e0af6c977a86deb4  2009.0/x86_64/sendmail-devel-8.14.3-2.1mdv2009.0.x86_64.rpm
 57629048e8712e85b4ad2b96b2820b4a  2009.0/x86_64/sendmail-doc-8.14.3-2.1mdv2009.0.x86_64.rpm 
 1d87f6050c197ac42e6e2d599c6ccb02  2009.0/SRPMS/sendmail-8.14.3-2.1mdv2009.0.src.rpm

MES5 i586

 87fa356ac80447bcf7328ff16712e97b  mes5/i586/sendmail-8.14.3-2.1mdvmes5.i586.rpm
 7204d91f35e0aec24c1dbd12af34f457  mes5/i586/sendmail-cf-8.14.3-2.1mdvmes5.i586.rpm
 bdcc3f3bf303f764dd87d52ffc7e4aa1  mes5/i586/sendmail-devel-8.14.3-2.1mdvmes5.i586.rpm
 faa0df4c43cddf8dcac3ddffb271211e  mes5/i586/sendmail-doc-8.14.3-2.1mdvmes5.i586.rpm 
 b71ace8a1ee671400e212ed9aa5200eb  mes5/SRPMS/sendmail-8.14.3-2.1mdvmes5.src.rpm

MNF2.0 i586

 60b1e9af1bf3310ebc17da12c51169e8  mnf/2.0/i586/sendmail-8.12.11-1.5.M20mdk.i586.rpm
 e36a464dcbde47632af940d79142be2a  mnf/2.0/i586/sendmail-cf-8.12.11-1.5.M20mdk.i586.rpm
 9ba7304e2b06011ad188af55d59c69f0  mnf/2.0/i586/sendmail-devel-8.12.11-1.5.M20mdk.i586.rpm
 168c304c45ff1d3064b795b80e75b19a  mnf/2.0/i586/sendmail-doc-8.12.11-1.5.M20mdk.i586.rpm 
 1bfda6494962b1b71e9127d5753492e6  mnf/2.0/SRPMS/sendmail-8.12.11-1.5.M20mdk.src.rpm

2010.0 x86_64

 06be9e7dbda96eb506b58499a896f515  2010.0/x86_64/sendmail-8.14.3-4.1mdv2010.0.x86_64.rpm
 ccad3d58cb1c296fef3cb9fc76b8ba5b  2010.0/x86_64/sendmail-cf-8.14.3-4.1mdv2010.0.x86_64.rpm
 30ea827e1029bc2519263a0821611886  2010.0/x86_64/sendmail-devel-8.14.3-4.1mdv2010.0.x86_64.rpm
 9dd4779fea3cde54fb211db8733164a0  2010.0/x86_64/sendmail-doc-8.14.3-4.1mdv2010.0.x86_64.rpm 
 d44550335102aefed7d2cfd94be56c18  2010.0/SRPMS/sendmail-8.14.3-4.1mdv2010.0.src.rpm

2010.0 i586

 cb3ff51261f0a547e79fb2beb26ccd5d  2010.0/i586/sendmail-8.14.3-4.1mdv2010.0.i586.rpm
 0e488f7f647c5c4a5aaa6e03aba37099  2010.0/i586/sendmail-cf-8.14.3-4.1mdv2010.0.i586.rpm
 575a321bab56d672d8bc2bea109e0230  2010.0/i586/sendmail-devel-8.14.3-4.1mdv2010.0.i586.rpm
 54a82cb021316e39766431c9ad6f36e8  2010.0/i586/sendmail-doc-8.14.3-4.1mdv2010.0.i586.rpm 
 d44550335102aefed7d2cfd94be56c18  2010.0/SRPMS/sendmail-8.14.3-4.1mdv2010.0.src.rpm

2009.1 i586

 b4f3e0bbbcd2a31ac54e97db1e86d3cb  2009.1/i586/sendmail-8.14.3-3.1mdv2009.1.i586.rpm
 4e455a03d26ac8db82520033f7c12b53  2009.1/i586/sendmail-cf-8.14.3-3.1mdv2009.1.i586.rpm
 83ed44ff797b518f754191a2913fb99b  2009.1/i586/sendmail-devel-8.14.3-3.1mdv2009.1.i586.rpm
 a6300984708e7c7e183de4cfeed303d4  2009.1/i586/sendmail-doc-8.14.3-3.1mdv2009.1.i586.rpm 
 715d4d5f51bb06566cc1cd2007eae13b  2009.1/SRPMS/sendmail-8.14.3-3.1mdv2009.1.src.rpm

2009.0 i586

 c7dfba4575fb7d2cae408ae4ffc3588f  2009.0/i586/sendmail-8.14.3-2.1mdv2009.0.i586.rpm
 7a77a2fd891995e30dc77b843afb55d1  2009.0/i586/sendmail-cf-8.14.3-2.1mdv2009.0.i586.rpm
 8c38bb523fe83f1a6936f89cef1d9aff  2009.0/i586/sendmail-devel-8.14.3-2.1mdv2009.0.i586.rpm
 5f27bc4b53e33a3e6f543eef078ba603  2009.0/i586/sendmail-doc-8.14.3-2.1mdv2009.0.i586.rpm 
 1d87f6050c197ac42e6e2d599c6ccb02  2009.0/SRPMS/sendmail-8.14.3-2.1mdv2009.0.src.rpm

CS4.0 i586

 b4af5f228b216fa419a0490db166e286  corporate/4.0/i586/sendmail-8.13.4-6.5.20060mlcs4.i586.rpm
 c8765f369aa52810a67f47118129802c  corporate/4.0/i586/sendmail-cf-8.13.4-6.5.20060mlcs4.i586.rpm
 9d31c0b2d982582fabd7db9aa0d65270  corporate/4.0/i586/sendmail-devel-8.13.4-6.5.20060mlcs4.i586.rpm
 9b0ebbce5cfd974ea19976f14329057e  corporate/4.0/i586/sendmail-doc-8.13.4-6.5.20060mlcs4.i586.rpm 
 e196e43d837e42491f6dfc950af0ebb7  corporate/4.0/SRPMS/sendmail-8.13.4-6.5.20060mlcs4.src.rpm

2008.0 x86_64

 27862cd3b57af76bbeaf4022b05f9944  2008.0/x86_64/sendmail-8.14.1-2.1mdv2008.0.x86_64.rpm
 4585530d86a21d4f0354cf2458ff4822  2008.0/x86_64/sendmail-cf-8.14.1-2.1mdv2008.0.x86_64.rpm
 f241b7f870d0bcbadc64cbd8c8642a4e  2008.0/x86_64/sendmail-devel-8.14.1-2.1mdv2008.0.x86_64.rpm
 a92613cbc1eecc47aeff44c8a24ed32e  2008.0/x86_64/sendmail-doc-8.14.1-2.1mdv2008.0.x86_64.rpm 
 0db8b791cbd6ab9c5acbb4d36dfc2011  2008.0/SRPMS/sendmail-8.14.1-2.1mdv2008.0.src.rpm

CS4.0 x86_64

 22d62ded1b3d7963740064769a7101bd  corporate/4.0/x86_64/sendmail-8.13.4-6.5.20060mlcs4.x86_64.rpm
 17ed3192e319890184067239fb3f8c57  corporate/4.0/x86_64/sendmail-cf-8.13.4-6.5.20060mlcs4.x86_64.rpm
 d702fb0c90ddc0c910869df484215e91  corporate/4.0/x86_64/sendmail-devel-8.13.4-6.5.20060mlcs4.x86_64.rpm
 ed75310c08e8e2c0dc797c84ef71e3e7  corporate/4.0/x86_64/sendmail-doc-8.13.4-6.5.20060mlcs4.x86_64.rpm 
 e196e43d837e42491f6dfc950af0ebb7  corporate/4.0/SRPMS/sendmail-8.13.4-6.5.20060mlcs4.src.rpm

2008.0 i586

 59415398189b3fcf81482a0aa548e2f4  2008.0/i586/sendmail-8.14.1-2.1mdv2008.0.i586.rpm
 ea981097f72996a76eba3db1ca168c68  2008.0/i586/sendmail-cf-8.14.1-2.1mdv2008.0.i586.rpm
 19d0308e739e5d2c1c3f4fa26cc58b83  2008.0/i586/sendmail-devel-8.14.1-2.1mdv2008.0.i586.rpm
 ec7b8d7a0ef153e7a6eb892f0e37b5de  2008.0/i586/sendmail-doc-8.14.1-2.1mdv2008.0.i586.rpm 
 0db8b791cbd6ab9c5acbb4d36dfc2011  2008.0/SRPMS/sendmail-8.14.1-2.1mdv2008.0.src.rpm

2009.1 x86_64

 cd8b93f0e5131be289a7820c668535d4  2009.1/x86_64/sendmail-8.14.3-3.1mdv2009.1.x86_64.rpm
 35901aab57046009e74921a9f8537f5c  2009.1/x86_64/sendmail-cf-8.14.3-3.1mdv2009.1.x86_64.rpm
 a6b5f206c58c9ed35417f49b157a245a  2009.1/x86_64/sendmail-devel-8.14.3-3.1mdv2009.1.x86_64.rpm
 708d8cf9d104f38bbc5d117048536d44  2009.1/x86_64/sendmail-doc-8.14.3-3.1mdv2009.1.x86_64.rpm 
 715d4d5f51bb06566cc1cd2007eae13b  2009.1/SRPMS/sendmail-8.14.3-3.1mdv2009.1.src.rpm

MES5 x86_64

 6899d9dde5ec73adc5071588ae9f5e8a  mes5/x86_64/sendmail-8.14.3-2.1mdvmes5.x86_64.rpm
 6ff20eb453f84f067eb411b37a745774  mes5/x86_64/sendmail-cf-8.14.3-2.1mdvmes5.x86_64.rpm
 12f793bc0f65025dc4b7bbc9b0730b89  mes5/x86_64/sendmail-devel-8.14.3-2.1mdvmes5.x86_64.rpm
 08b141b3aeb79b431fcc78de84d86d29  mes5/x86_64/sendmail-doc-8.14.3-2.1mdvmes5.x86_64.rpm 
 b71ace8a1ee671400e212ed9aa5200eb  mes5/SRPMS/sendmail-8.14.3-2.1mdvmes5.src.rpm

References

• http://www.sendmail.org/releases/8.14.4
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4565