This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
A security vulnerability has been identified and fixed in sendmail :
sendmail before 8.14.4 does not properly handle a '\0' (NUL) character
in a Common Name (CN) field of an X.509 certificate, which (1) allows
man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers
via a crafted server certificate issued by a legitimate Certification
Authority, and (2) allows remote attackers to bypass intended access
restrictions via a crafted client certificate issued by a legitimate
Certification Authority, a related issue to CVE-2009-2408
Packages for 2008.0 are provided for Corporate Desktop 2008.0
This update provides a fix for this vulnerability.
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true