ID CVE-2006-7176
Summary The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages.
References
Vulnerable Configurations
  • cpe:2.3:o:redhat:enterprise_linux:4.0:update4
    cpe:2.3:o:redhat:enterprise_linux:4.0:update4
  • Sendmail Sendmail 8.13.1.2
    cpe:2.3:a:sendmail:sendmail:8.13.1.2
CVSS
Base: 4.3 (as of 29-03-2007 - 13:31)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
nessus via4
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0252.NASL
    description From Red Hat Security Advisory 2007:0252 : Updated sendmail packages that fix a security issue and various bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. Sendmail is a very widely used Mail Transport Agent (MTA). MTAs deliver mail from one machine to another. Sendmail is not a client program, but rather a behind-the-scenes daemon that moves email over networks or the Internet to its final destination. The configuration of Sendmail on Red Hat Enterprise Linux was found to not reject the 'localhost.localdomain' domain name for e-mail messages that came from external hosts. This could have allowed remote attackers to disguise spoofed messages (CVE-2006-7176). This updated package also fixes the following bugs : * Infinite loop within tls read. * Incorrect path to selinuxenabled in initscript. * Build artifacts from sendmail-cf package. * Missing socketmap support. * Add support for CipherList configuration directive. * Path for aliases file. * Failure of shutting down sm-client. * Allows to specify persistent queue runners. * Missing dnl for SMART_HOST define. * Fixes connections stay in CLOSE_WAIT. All users of Sendmail should upgrade to these updated packages, which contains backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 67480
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67480
    title Oracle Linux 4 : sendmail (ELSA-2007-0252)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100330_SENDMAIL_ON_SL5_X.NASL
    description The configuration of sendmail in Scientific Linux was found to not reject the 'localhost.localdomain' domain name for email messages that come from external hosts. This could allow remote attackers to disguise spoofed messages. (CVE-2006-7176) A flaw was found in the way sendmail handled NUL characters in the CommonName field of X.509 certificates. An attacker able to get a carefully-crafted certificate signed by a trusted Certificate Authority could trick sendmail into accepting it by mistake, allowing the attacker to perform a man-in-the-middle attack or bypass intended client certificate authentication. (CVE-2009-4565) Note: The CVE-2009-4565 issue only affected configurations using TLS with certificate verification and CommonName checking enabled, which is not a typical configuration. This update also fixes the following bugs : - sendmail was unable to parse files specified by the ServiceSwitchFile option which used a colon as a separator. (BZ#512871) - sendmail incorrectly returned a zero exit code when free space was low. (BZ#299951) - the sendmail manual page had a blank space between the -qG option and parameter. (BZ#250552) - the comments in the sendmail.mc file specified the wrong path to SSL certificates. (BZ#244012) - the sendmail packages did not provide the MTA capability. (BZ#494408)
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60774
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60774
    title Scientific Linux Security Update : sendmail on SL5.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0252.NASL
    description Updated sendmail packages that fix a security issue and various bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. Sendmail is a very widely used Mail Transport Agent (MTA). MTAs deliver mail from one machine to another. Sendmail is not a client program, but rather a behind-the-scenes daemon that moves email over networks or the Internet to its final destination. The configuration of Sendmail on Red Hat Enterprise Linux was found to not reject the 'localhost.localdomain' domain name for e-mail messages that came from external hosts. This could have allowed remote attackers to disguise spoofed messages (CVE-2006-7176). This updated package also fixes the following bugs : * Infinite loop within tls read. * Incorrect path to selinuxenabled in initscript. * Build artifacts from sendmail-cf package. * Missing socketmap support. * Add support for CipherList configuration directive. * Path for aliases file. * Failure of shutting down sm-client. * Allows to specify persistent queue runners. * Missing dnl for SMART_HOST define. * Fixes connections stay in CLOSE_WAIT. All users of Sendmail should upgrade to these updated packages, which contains backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 25142
    published 2007-05-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25142
    title RHEL 4 : sendmail (RHSA-2007:0252)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20070501_SENDMAIL_ON_SL4_X.NASL
    description The configuration of Sendmail was found to not reject the 'localhost.localdomain' domain name for e-mail messages that came from external hosts. This could have allowed remote attackers to disguise spoofed messages (CVE-2006-7176).
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60169
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60169
    title Scientific Linux Security Update : sendmail on SL4.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0252.NASL
    description Updated sendmail packages that fix a security issue and various bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. Sendmail is a very widely used Mail Transport Agent (MTA). MTAs deliver mail from one machine to another. Sendmail is not a client program, but rather a behind-the-scenes daemon that moves email over networks or the Internet to its final destination. The configuration of Sendmail on Red Hat Enterprise Linux was found to not reject the 'localhost.localdomain' domain name for e-mail messages that came from external hosts. This could have allowed remote attackers to disguise spoofed messages (CVE-2006-7176). This updated package also fixes the following bugs : * Infinite loop within tls read. * Incorrect path to selinuxenabled in initscript. * Build artifacts from sendmail-cf package. * Missing socketmap support. * Add support for CipherList configuration directive. * Path for aliases file. * Failure of shutting down sm-client. * Allows to specify persistent queue runners. * Missing dnl for SMART_HOST define. * Fixes connections stay in CLOSE_WAIT. All users of Sendmail should upgrade to these updated packages, which contains backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 67046
    published 2013-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67046
    title CentOS 4 : sendmail (CESA-2007:0252)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0237.NASL
    description Updated sendmail packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Sendmail is a very widely used Mail Transport Agent (MTA). MTAs deliver mail from one machine to another. Sendmail is not a client program, but rather a behind-the-scenes daemon that moves email over networks or the Internet to its final destination. The configuration of sendmail in Red Hat Enterprise Linux was found to not reject the 'localhost.localdomain' domain name for email messages that come from external hosts. This could allow remote attackers to disguise spoofed messages. (CVE-2006-7176) A flaw was found in the way sendmail handled NUL characters in the CommonName field of X.509 certificates. An attacker able to get a carefully-crafted certificate signed by a trusted Certificate Authority could trick sendmail into accepting it by mistake, allowing the attacker to perform a man-in-the-middle attack or bypass intended client certificate authentication. (CVE-2009-4565) Note: The CVE-2009-4565 issue only affected configurations using TLS with certificate verification and CommonName checking enabled, which is not a typical configuration. This update also fixes the following bugs : * sendmail was unable to parse files specified by the ServiceSwitchFile option which used a colon as a separator. (BZ#512871) * sendmail incorrectly returned a zero exit code when free space was low. (BZ#299951) * the sendmail manual page had a blank space between the -qG option and parameter. (BZ#250552) * the comments in the sendmail.mc file specified the wrong path to SSL certificates. (BZ#244012) * the sendmail packages did not provide the MTA capability. (BZ#494408) All users of sendmail are advised to upgrade to these updated packages, which resolve these issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 46286
    published 2010-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46286
    title RHEL 5 : sendmail (RHSA-2010:0237)
oval via4
accepted 2013-04-29T04:14:26.597-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages.
family unix
id oval:org.mitre.oval:def:11499
status accepted
submitted 2010-07-09T03:56:16-04:00
title The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages.
version 24
redhat via4
advisories
bugzilla
id 200923
title sendmail.mc missing dnl on SMART_HOST define
oval
AND
  • comment Red Hat Enterprise Linux 4 is installed
    oval oval:com.redhat.rhsa:tst:20060016001
  • OR
    • AND
      • comment sendmail is earlier than 0:8.13.1-3.2.el4
        oval oval:com.redhat.rhsa:tst:20070252002
      • comment sendmail is signed with Red Hat master key
        oval oval:com.redhat.rhsa:tst:20070252003
    • AND
      • comment sendmail-cf is earlier than 0:8.13.1-3.2.el4
        oval oval:com.redhat.rhsa:tst:20070252008
      • comment sendmail-cf is signed with Red Hat master key
        oval oval:com.redhat.rhsa:tst:20070252009
    • AND
      • comment sendmail-devel is earlier than 0:8.13.1-3.2.el4
        oval oval:com.redhat.rhsa:tst:20070252004
      • comment sendmail-devel is signed with Red Hat master key
        oval oval:com.redhat.rhsa:tst:20070252005
    • AND
      • comment sendmail-doc is earlier than 0:8.13.1-3.2.el4
        oval oval:com.redhat.rhsa:tst:20070252006
      • comment sendmail-doc is signed with Red Hat master key
        oval oval:com.redhat.rhsa:tst:20070252007
rhsa
id RHSA-2007:0252
released 2007-05-01
severity Low
title RHSA-2007:0252: sendmail security and bug fix update (Low)
rpms
  • sendmail-0:8.13.1-3.2.el4
  • sendmail-cf-0:8.13.1-3.2.el4
  • sendmail-devel-0:8.13.1-3.2.el4
  • sendmail-doc-0:8.13.1-3.2.el4
  • sendmail-0:8.13.8-8.el5
  • sendmail-cf-0:8.13.8-8.el5
  • sendmail-devel-0:8.13.8-8.el5
  • sendmail-doc-0:8.13.8-8.el5
refmap via4
bid 23742
confirm http://support.avaya.com/elmodocs2/security/ASA-2007-248.htm
misc https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171838
secunia
  • 25098
  • 25743
Last major update 21-08-2010 - 00:59
Published 27-03-2007 - 19:19
Last modified 10-10-2017 - 21:31
Back to Top