CVE-2009-4565
published 2010-01-04CVE-2009-4565: sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Affected
63 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | sendmail | < sendmail 8.14.3-9.1 (bookworm) | sendmail 8.14.3-9.1 (bookworm) |
| sendmail | sendmail | <= 8.14.3 | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
| sendmail | sendmail | — | — |
CVSS provenance
nvd7.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv5.9MEDIUM