Executive Summary

Informations
NameCVE-2009-4565First vendor Publication2010-01-04
VendorCveLast vendor Modification2017-09-18

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score7.5Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Security Protection

ImpactsProvides unauthorized access : Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4565

CWE : Common Weakness Enumeration

%idName
100 %CWE-310Cryptographic Issues

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:6719
 
Oval ID: oval:org.mitre.oval:def:6719
Title: DSA-1985 sendmail -- insufficient input validation
Description: It was discovered that sendmail, a Mail Transport Agent, does not properly handle a "\0" character in a Common Name field of an X.509 certificate. This allows an attacker to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority.
Family: unix Class: patch
Reference(s): DSA-1985
CVE-2009-4565
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): sendmail
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22058
 
Oval ID: oval:org.mitre.oval:def:22058
Title: RHSA-2010:0237: sendmail security and bug fix update (Low)
Description: sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Family: unix Class: patch
Reference(s): RHSA-2010:0237-05
CVE-2006-7176
CVE-2009-4565
Version: 29
Platform(s): Red Hat Enterprise Linux 5
Product(s): sendmail
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20232
 
Oval ID: oval:org.mitre.oval:def:20232
Title: DSA-1985-1 sendmail - insufficient input validation
Description: It was discovered that sendmail, a Mail Transport Agent, does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate.
Family: unix Class: patch
Reference(s): DSA-1985-1
CVE-2009-4565
Version: 5
Platform(s): Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
Product(s): sendmail
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11822
 
Oval ID: oval:org.mitre.oval:def:11822
Title: HP-UX Running sendmail with STARTTLS Enabled, Remote Unauthorized Access.
Description: sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4565
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10255
 
Oval ID: oval:org.mitre.oval:def:10255
Title: sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Description: sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4565
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23064
 
Oval ID: oval:org.mitre.oval:def:23064
Title: ELSA-2010:0237: sendmail security and bug fix update (Low)
Description: sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Family: unix Class: patch
Reference(s): ELSA-2010:0237-05
CVE-2006-7176
CVE-2009-4565
Version: 13
Platform(s): Oracle Linux 5
Product(s): sendmail
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27847
 
Oval ID: oval:org.mitre.oval:def:27847
Title: DEPRECATED: ELSA-2010-0237 -- sendmail security and bug fix update (low)
Description: [8.13.8-8] - rpm attributes S,5,T not recorded for statistics file [8.13.8-7] - fix specfile for passing rpm -V test (#555277) [8.13.8-6.el5] - fix verification of SSL certificate with NUL in name (#553618, CVE-2009-4565) - do not accept localhost.localdomain as valid address from smtp (#449391) - skip colon separator when parsing service name in ServiceSwitchFile (#512871) - exit with non-zero error code when free space is low (#299951) - fix -qG description in man page (#250552) - fix comments in sendmail.mc to use correct certs path (#244012) - add MTA to provides (#494408) - fix %dist macro use (#440616) - compile with -fno-strict-aliasing - skip t-sem test as it doesn't allow parallel testing
Family: unix Class: patch
Reference(s): ELSA-2010-0237
CVE-2006-7176
CVE-2009-4565
Version: 4
Platform(s): Oracle Linux 5
Product(s): sendmail
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application72

OpenVAS Exploits

DateDescription
2012-08-10Name : Gentoo Security Advisory GLSA 201206-30 (sendmail)
File : nvt/glsa_201206_30.nasl
2011-02-18Name : RedHat Update for sendmail RHSA-2011:0262-01
File : nvt/gb_RHSA-2011_0262-01_sendmail.nasl
2010-06-25Name : Fedora Update for sendmail FEDORA-2010-5470
File : nvt/gb_fedora_2010_5470_sendmail_fc12.nasl
2010-06-18Name : Fedora Update for sendmail FEDORA-2010-5399
File : nvt/gb_fedora_2010_5399_sendmail_fc11.nasl
2010-04-06Name : RedHat Update for sendmail RHSA-2010:0237-05
File : nvt/gb_RHSA-2010_0237-05_sendmail.nasl
2010-03-31Name : HP-UX Update for sendmail with STARTTLS Enabled HPSBUX02508
File : nvt/gb_hp_ux_HPSBUX02508.nasl
2010-01-19Name : Mandriva Update for sendmail MDVSA-2010:003 (sendmail)
File : nvt/gb_mandriva_MDVSA_2010_003.nasl
2010-01-04Name : Sendmail NULL Character CA SSL Certificate Validation Security Bypass Vulnera...
File : nvt/sendmail_37543.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
62373Sendmail X.509 Certificate Null Character MiTM Spoofing Weakness

Information Assurance Vulnerability Management (IAVM)

DateDescription
2010-01-07IAVM : 2010-A-0002 - Sendmail SSL Certificate Validation Vulnerability
Severity : Category I - VMSKEY : V0022182

Nessus® Vulnerability Scanner

DateDescription
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0262.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote AIX host is missing a security patch.
File : aix_IZ72510.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote AIX host is missing a security patch.
File : aix_IZ72515.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote AIX host is missing a security patch.
File : aix_IZ72528.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote AIX host is missing a security patch.
File : aix_IZ72834.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote AIX host is missing a security patch.
File : aix_IZ72835.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote AIX host is missing a security patch.
File : aix_IZ72836.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote AIX host is missing a security patch.
File : aix_IZ72837.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote AIX host is missing a security patch.
File : aix_IZ70637.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100330_sendmail_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110216_sendmail_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-06-26Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201206-30.nasl - Type : ACT_GATHER_INFO
2011-04-22Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0262.nasl - Type : ACT_GATHER_INFO
2010-10-11Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_sendmail-6860.nasl - Type : ACT_GATHER_INFO
2010-07-01Name : The remote Fedora host is missing a security update.
File : fedora_2010-5399.nasl - Type : ACT_GATHER_INFO
2010-07-01Name : The remote Fedora host is missing a security update.
File : fedora_2010-5470.nasl - Type : ACT_GATHER_INFO
2010-05-11Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0237.nasl - Type : ACT_GATHER_INFO
2010-03-02Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12590.nasl - Type : ACT_GATHER_INFO
2010-03-01Name : The remote SuSE 11 host is missing a security update.
File : suse_11_rmail-100218.nasl - Type : ACT_GATHER_INFO
2010-03-01Name : The remote openSUSE host is missing a security update.
File : suse_11_1_rmail-100218.nasl - Type : ACT_GATHER_INFO
2010-03-01Name : The remote openSUSE host is missing a security update.
File : suse_11_0_rmail-100218.nasl - Type : ACT_GATHER_INFO
2010-03-01Name : The remote openSUSE host is missing a security update.
File : suse_11_2_rmail-100218.nasl - Type : ACT_GATHER_INFO
2010-03-01Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_sendmail-6859.nasl - Type : ACT_GATHER_INFO
2010-02-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1985.nasl - Type : ACT_GATHER_INFO
2010-01-13Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-003.nasl - Type : ACT_GATHER_INFO
2010-01-05Name : The remote mail server is susceptible to a man-in-the-middle attack.
File : sendmail_8_14_4.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/37543
CONFIRM http://www.sendmail.org/releases/8.14.4
DEBIAN http://www.debian.org/security/2010/dsa-1985
GENTOO http://security.gentoo.org/glsa/glsa-201206-30.xml
HP http://marc.info/?l=bugtraq&m=126953289726317&w=2
REDHAT http://www.redhat.com/support/errata/RHSA-2011-0262.html
SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021797.1-1
SUSE http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
VUPEN http://www.vupen.com/english/advisories/2009/3661
http://www.vupen.com/english/advisories/2010/0719
http://www.vupen.com/english/advisories/2010/1386
http://www.vupen.com/english/advisories/2011/0415

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
DateInformations
2017-09-19 09:23:32
  • Multiple Updates
2016-04-26 19:22:05
  • Multiple Updates
2014-02-17 10:52:49
  • Multiple Updates
2013-11-11 12:38:30
  • Multiple Updates
2013-05-11 00:03:52
  • Multiple Updates
2013-04-05 13:18:36
  • Multiple Updates