sendmail: X.509 NULL spoofing vulnerability

2012-06-25T00:00:00
ID GLSA-201206-30
Type gentoo
Reporter Gentoo Foundation
Modified 2012-06-25T00:00:00

Description

Background

sendmail is a widely-used Mail Transport Agent (MTA).

Description

A vulnerability has been discovered in sendmail. Please review the CVE identifier referenced below for details.

Impact

A remote attacker might employ a specially crafted certificate to conduct man-in-the-middle attacks on SSL connections made using sendmail.

Workaround

There is no known workaround at this time.

Resolution

All sendmail users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=mail-mta/sendmail-8.14.4"