HPE Community
Operating System - HP-UX
1820263 Members
3026 Online
109622 Solutions
New Discussion юеВ

Sendmail CVE-2009-4565 CERT

 
SOLVED
Go to solution
DShinn
Frequent Advisor

тАО01-14-2010 09:09 AM

тАО01-14-2010 09:09 AM

Sendmail CVE-2009-4565 CERT

Does anyone know what the plan is to address this CERT?

Thank-you,

Dorothy
0 Kudos
Reply
4 REPLIES 4
Steven E. Protter
Exalted Contributor

тАО01-14-2010 10:17 AM

тАО01-14-2010 10:17 AM

Re: Sendmail CVE-2009-4565 CERT

Shalom Dorothy,

HP addresses all important CERT warnings on sendmail.

The initial response is usually a replacement for the sendmail binary file. It is then followed up, sometimes much later with a new depot based release of sendmail.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
DShinn
Frequent Advisor

тАО01-14-2010 01:36 PM

тАО01-14-2010 01:36 PM

Re: Sendmail CVE-2009-4565 CERT

Thank-you for the information! Probably the latest CERT will be addressed within a timely manner?

0 Kudos
Reply
Mark Nierth
Advisor

тАО02-18-2010 08:24 AM

тАО02-18-2010 08:24 AM

Solution

Re: Sendmail CVE-2009-4565 CERT

Hi Dorothy,
I opened a case with HP on this CVE last month and here is their response.

I looked into the new vulnerability, CVE-2009-4565. I checked with our Level 3 group and it is a new issue. A new Service Request was started for this vulnerability and a CR, QXCR1001004856 was created. They are working on a fix.



The Level 3 people did tell me that if not using TLS / STARTLS there is no possibility of an exploit.

As of yet, I haven't seen a fix yet.

Mark
Reply
DShinn
Frequent Advisor

тАО02-18-2010 10:40 AM

тАО02-18-2010 10:40 AM

Re: Sendmail CVE-2009-4565 CERT

Mark,

Thank-you for posting the information! Will pass along this information to my management.

Thanks again!

Dorothy
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.