Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.59350
Category:Fedora Local Security Checks
Title:Fedora Core 4 FEDORA-2006-836 (sendmail)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to sendmail
announced via advisory FEDORA-2006-836.

The Sendmail program is a very widely used Mail Transport Agent (MTA).
MTAs send mail from one machine to another. Sendmail is not a client
program, which you use to read your email. Sendmail is a
behind-the-scenes program which actually moves your email over
networks or the Internet to where you want it to go.

If you ever need to reconfigure Sendmail, you will also need to have
the sendmail.cf package installed. If you need documentation on
Sendmail, you can install the sendmail-doc package.


* Tue Jul 18 2006 Thomas Woerner 8.13.7-2.fc4.1
- using new syntax for access database (#177566)
- fixed failure message while shutting down sm-client (#119429)
resolution: stop sm-client before sendmail
- fixed method to specify persistent queue runners (#126760)
- removed patch backup files from sendmail-cf tree (#152955)
- fixed missing dnl on SMART_HOST define (#166680)
- fixed wrong location of aliases and aliases.db file in aliases man page
(#166744)
- enabled CipherList config option for sendmail (#172352)
- added user chowns for /etc/mail/authinfo.db and move check for cf files
(#184341)
- fixed Makefile of vacation (#191396)
vacation is not included in this sendmail package
- /var/log/mail now belongs to sendmail (#192850)
- using old pam_stack
* Wed Jul 12 2006 Jesse Keating - 8.13.7-2.1
- rebuild
* Mon Jun 19 2006 Thomas Woerner 8.13.7-2
- dropped reference to Red Hat Linux in sendmail-redhat.mc (#176679)
* Mon Jun 19 2006 Thomas Woerner 8.13.7-1
- new version 8.13.7 (#195282)
- fixes CVE-2006-1173 (VU#146718): possible denial of service issue caused by
malformed multipart messages (#195776)

Solution: Apply the appropriate updates.

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/


This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.


https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2006-836

Risk factor : Medium

CVSS Score:
5.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-1173
AIX APAR: IY85415
http://www-1.ibm.com/support/search.wss?rs=0&q=IY85415&apar=only
AIX APAR: IY85930
http://www-1.ibm.com/support/search.wss?rs=0&q=IY85930&apar=only
BugTraq ID: 18433
http://www.securityfocus.com/bid/18433
Bugtraq: 20060620 Sendmail MIME DoS vulnerability (Google Search)
http://www.securityfocus.com/archive/1/437928/100/0/threaded
Bugtraq: 20060624 Re: Sendmail MIME DoS vulnerability (Google Search)
http://www.securityfocus.com/archive/1/438241/100/0/threaded
http://www.securityfocus.com/archive/1/438330/100/0/threaded
Bugtraq: 20060721 rPSA-2006-0134-1 sendmail sendmail-cf (Google Search)
http://www.securityfocus.com/archive/1/440744/100/0/threaded
CERT/CC vulnerability note: VU#146718
http://www.kb.cert.org/vuls/id/146718
Debian Security Information: DSA-1155 (Google Search)
http://www.debian.org/security/2006/dsa-1155
FreeBSD Security Advisory: FreeBSD-SA-06:17.sendmail
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:17.sendmail.asc
http://www.gentoo.org/security/en/glsa/glsa-200606-19.xml
HPdes Security Advisory: HPSBTU02116
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635
HPdes Security Advisory: HPSBUX02124
http://www.securityfocus.com/archive/1/442939/100/0/threaded
HPdes Security Advisory: SSRT061135
HPdes Security Advisory: SSRT061159
http://www.mandriva.com/security/advisories?name=MDKSA-2006:104
OpenBSD Security Advisory: [3.8] 008: SECURITY FIX: June 15, 2006
http://www.openbsd.org/errata38.html#sendmail2
http://www.osvdb.org/26197
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11253
http://www.redhat.com/support/errata/RHSA-2006-0515.html
http://securitytracker.com/id?1016295
http://secunia.com/advisories/15779
http://secunia.com/advisories/20473
http://secunia.com/advisories/20641
http://secunia.com/advisories/20650
http://secunia.com/advisories/20651
http://secunia.com/advisories/20654
http://secunia.com/advisories/20673
http://secunia.com/advisories/20675
http://secunia.com/advisories/20679
http://secunia.com/advisories/20683
http://secunia.com/advisories/20684
http://secunia.com/advisories/20694
http://secunia.com/advisories/20726
http://secunia.com/advisories/20782
http://secunia.com/advisories/21042
http://secunia.com/advisories/21160
http://secunia.com/advisories/21327
http://secunia.com/advisories/21612
http://secunia.com/advisories/21647
SGI Security Advisory: 20060601-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060601-01-P
SGI Security Advisory: 20060602-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.631382
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102460-1
SuSE Security Announcement: SUSE-SA:2006:032 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0006.html
http://www.vupen.com/english/advisories/2006/2189
http://www.vupen.com/english/advisories/2006/2351
http://www.vupen.com/english/advisories/2006/2388
http://www.vupen.com/english/advisories/2006/2389
http://www.vupen.com/english/advisories/2006/2390
http://www.vupen.com/english/advisories/2006/2798
http://www.vupen.com/english/advisories/2006/3135
XForce ISS Database: sendmail-multipart-mime-dos(27128)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27128
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.