CVE-2009-4565

Published: 04/01/2010 Updated: 19/09/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

sendmail prior to 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Vulnerable Product

sendmail sendmail 8.14.2

sendmail sendmail

sendmail sendmail 8.7.8

sendmail sendmail 8.7.7

sendmail sendmail 8.7.6

sendmail sendmail 8.13.4

sendmail sendmail 8.13.3

sendmail sendmail 8.12

sendmail sendmail 8.12.4

sendmail sendmail 8.12.3

sendmail sendmail 8.12.2

sendmail sendmail 8.11.4

sendmail sendmail 8.11.3

sendmail sendmail 8.10

sendmail sendmail 2.6

sendmail sendmail 5.61

sendmail sendmail 5.65

sendmail sendmail 8.9.3

sendmail sendmail 8.9.2

sendmail sendmail 8.7.10

sendmail sendmail 8.6.7

sendmail sendmail 8.13.2

sendmail sendmail 8.13.1.2

sendmail sendmail 8.12.9

sendmail sendmail 8.12.10

sendmail sendmail 8.12.1

sendmail sendmail 8.11.2

sendmail sendmail 8.11.1

sendmail sendmail 2.6.1

sendmail sendmail 3.0

sendmail sendmail 8.9.1

sendmail sendmail 8.9.0

sendmail sendmail 8.13.8

sendmail sendmail 8.13.7

sendmail sendmail 8.13.1

sendmail sendmail 8.13.0

sendmail sendmail 8.12.8

sendmail sendmail 8.12.7

sendmail sendmail 8.12.0

sendmail sendmail 8.11.7

sendmail sendmail 8.11.0

sendmail sendmail 8.10.2

sendmail sendmail 3.0.1

sendmail sendmail 4.1

sendmail sendmail 8.14.1

sendmail sendmail 8.8.8

sendmail sendmail 8.7.9

sendmail sendmail 8.13.6

sendmail sendmail 8.13.5

sendmail sendmail 8.12.6

sendmail sendmail 8.12.5

sendmail sendmail 8.11.6

sendmail sendmail 8.11.5

sendmail sendmail 8.10.1

sendmail sendmail 8.10.0

sendmail sendmail 5

sendmail sendmail 4.55

sendmail sendmail 5.59

Vendor Advisories

Synopsis: Low: sendmail security and bug fix update. Type/Severity: Security Advisory: Low. Topic: Updated sendmail packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common ...
Debian Bug report logs - #564581 CVE-2009-4565: does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate. Package: sendmail; Maintainer for sendmail is Debian QA Group <packages@qa.debian.org>; Source for sendmail is src:sendmail (PTS, buildd, popcon). Reported by: Giuseppe Iuculano <iuc ...
It was discovered that sendmail, a Mail Transport Agent, does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate. This allows an attacker to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and to bypass intended access restrictions via a cr ...