sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Redhat
  • Enterprise Linux
Sendmail
  • Sendmail

Configuration 1 [-]

OR cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:2.6:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:3.0:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:4.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:4.55:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:5:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:5.59:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:5.61:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:5.65:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.6.7:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.7.6:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.7.7:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.7.8:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.7.9:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.7.10:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.8.8:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.9.0:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.9.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.9.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.10:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.10.0:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.10.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.10.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.0:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.3:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.4:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.5:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.6:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.7:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12:beta10:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12:beta12:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12:beta16:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12:beta5:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12:beta7:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.7:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.8:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.9:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.10:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.13.0:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.13.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.13.1.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.13.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.13.3:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.13.4:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.13.5:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.13.6:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.13.7:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.13.8:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.14.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.14.2:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 4
sendmail-0:8.13.1-6.el4 cpe:/o:redhat:enterprise_linux:4 RHSA-2011:0262 2011-02-16T00:00:00Z
Red Hat Enterprise Linux 5
sendmail-0:8.13.8-8.el5 cpe:/o:redhat:enterprise_linux:5 RHSA-2010:0237 2010-03-29T00:00:00Z
References
Link Providers
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html cve-icon cve-icon
http://marc.info/?l=bugtraq&m=126953289726317&w=2 cve-icon cve-icon
http://secunia.com/advisories/37998 cve-icon cve-icon
http://secunia.com/advisories/38314 cve-icon cve-icon
http://secunia.com/advisories/38915 cve-icon cve-icon
http://secunia.com/advisories/39088 cve-icon cve-icon
http://secunia.com/advisories/40109 cve-icon cve-icon
http://secunia.com/advisories/43366 cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-201206-30.xml cve-icon cve-icon
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021797.1-1 cve-icon cve-icon
http://www.debian.org/security/2010/dsa-1985 cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2011-0262.html cve-icon cve-icon
http://www.securityfocus.com/bid/37543 cve-icon cve-icon
http://www.sendmail.org/releases/8.14.4 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/3661 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/0719 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/1386 cve-icon cve-icon
http://www.vupen.com/english/advisories/2011/0415 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2009-4565 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10255 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11822 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2009-4565 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-01-04T21:00:00

Updated: 2024-08-07T07:08:38.091Z

Reserved: 2010-01-04T00:00:00

Link: CVE-2009-4565

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2010-01-04T21:30:00.640

Modified: 2017-09-19T01:29:59.750

Link: CVE-2009-4565

cve-icon Redhat

Severity : Low

Publid Date: 2009-12-30T00:00:00Z

Links: CVE-2009-4565 - Bugzilla