7.5

CVE-2009-4565

sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SendmailSendmail Version <= 8.14.3
SendmailSendmail Version2.6
SendmailSendmail Version2.6.1
SendmailSendmail Version3.0
SendmailSendmail Version3.0.1
SendmailSendmail Version4.1
SendmailSendmail Version4.55
SendmailSendmail Version5
SendmailSendmail Version5.59
SendmailSendmail Version5.61
SendmailSendmail Version5.65
SendmailSendmail Version8.6.7
SendmailSendmail Version8.7.6
SendmailSendmail Version8.7.7
SendmailSendmail Version8.7.8
SendmailSendmail Version8.7.9
SendmailSendmail Version8.7.10
SendmailSendmail Version8.8.8
SendmailSendmail Version8.9.0
SendmailSendmail Version8.9.1
SendmailSendmail Version8.9.2
SendmailSendmail Version8.9.3
SendmailSendmail Version8.10
SendmailSendmail Version8.10.0
SendmailSendmail Version8.10.1
SendmailSendmail Version8.10.2
SendmailSendmail Version8.11.0
SendmailSendmail Version8.11.1
SendmailSendmail Version8.11.2
SendmailSendmail Version8.11.3
SendmailSendmail Version8.11.4
SendmailSendmail Version8.11.5
SendmailSendmail Version8.11.6
SendmailSendmail Version8.11.7
SendmailSendmail Version8.12 Updatebeta10
SendmailSendmail Version8.12 Updatebeta12
SendmailSendmail Version8.12 Updatebeta16
SendmailSendmail Version8.12 Updatebeta5
SendmailSendmail Version8.12 Updatebeta7
SendmailSendmail Version8.12.0
SendmailSendmail Version8.12.1
SendmailSendmail Version8.12.2
SendmailSendmail Version8.12.3
SendmailSendmail Version8.12.4
SendmailSendmail Version8.12.5
SendmailSendmail Version8.12.6
SendmailSendmail Version8.12.7
SendmailSendmail Version8.12.8
SendmailSendmail Version8.12.9
SendmailSendmail Version8.12.10
SendmailSendmail Version8.13.0
SendmailSendmail Version8.13.1
SendmailSendmail Version8.13.1.2
SendmailSendmail Version8.13.2
SendmailSendmail Version8.13.3
SendmailSendmail Version8.13.4
SendmailSendmail Version8.13.5
SendmailSendmail Version8.13.6
SendmailSendmail Version8.13.7
SendmailSendmail Version8.13.8
SendmailSendmail Version8.14.1
SendmailSendmail Version8.14.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.37% 0.817
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
http://secunia.com/advisories/38915
http://marc.info/?l=bugtraq&m=126953289726317&w=2
http://secunia.com/advisories/37998
Vendor Advisory
http://secunia.com/advisories/38314
http://secunia.com/advisories/39088
http://secunia.com/advisories/40109
http://secunia.com/advisories/43366
http://security.gentoo.org/glsa/glsa-201206-30.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021797.1-1
http://www.debian.org/security/2010/dsa-1985
http://www.redhat.com/support/errata/RHSA-2011-0262.html
http://www.securityfocus.com/bid/37543
http://www.sendmail.org/releases/8.14.4
Patch
http://www.vupen.com/english/advisories/2009/3661
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2010/0719
http://www.vupen.com/english/advisories/2010/1386
http://www.vupen.com/english/advisories/2011/0415
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10255
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11822