CVE-2006-7175
First published: Tue Mar 27 2007(Updated: )
The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Enterprise Linux | =4.0-update4 | |
| Sendmail | =8.13.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2006-7175?
CVE-2006-7175 is considered a moderate severity vulnerability due to the potential use of insecure SSLv2 encryption.
How do I fix CVE-2006-7175?
To fix CVE-2006-7175, update to a later version of Sendmail that allows disabling SSLv2 encryption.
Which versions of Sendmail are affected by CVE-2006-7175?
CVE-2006-7175 affects Sendmail version 8.13.1-2 and earlier.
Is my system vulnerable if I am using Red Hat Enterprise Linux 4 Update 4?
Yes, if you are using Red Hat Enterprise Linux 4 Update 4 with the affected version of Sendmail, your system is vulnerable.
Can I mitigate the risks of CVE-2006-7175 without updating?
Mitigation options are limited, but you can restrict access to the Sendmail service as a temporary measure.
- collector/nvd-historical
- agent/type
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/description
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/4.0-update4
- vendor/sendmail
- canonical/sendmail
- version/sendmail/8.13.1.2