Vulnerabilities > CVE-2006-7175 - Remote Security vulnerability in Sendmail 8.13.1.2

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

redhat

sendmail

NVD

Published: 2007-03-27

Updated: 2008-09-05

Summary

The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired.

Vulnerable Configurations

Part	Description	Count
OS	Redhat Redhat Enterprise Linux 4.0	1
Application	Sendmail Sendmail Sendmail 8.13.1.2	1

Statements

contributor	Mark J Cox
lastmodified	2007-04-27
organization	Red Hat
statement	DISPUTED Sendmail classes the CipherList directive as "for future release"; currently unsupported and undocumented. Therefore the lack of support for the CipherList directive in various Red Hat products is not a vulnerability.

References

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172352