Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-1985-1
HistoryJan 31, 2010 - 12:00 a.m.

sendmail - insufficient input validation

2010-01-3100:00:00
Google
osv.dev
10
JSON

It was discovered that sendmail, a Mail Transport Agent, does not properly handle
a ‘\0’ character in a Common Name (CN) field of an X.509 certificate.

This allows an attacker to spoof arbitrary SSL-based SMTP servers via a crafted server
certificate issued by a legitimate Certification Authority, and to bypass intended
access restrictions via a crafted client certificate issued by a legitimate
Certification Authority.

For the oldstable distribution (etch), this problem has been fixed in
version 8.13.8-3+etch1

For the stable distribution (lenny), this problem has been fixed in
version 8.14.3-5+lenny1

For the unstable distribution (sid), this problem has been fixed in
version 8.14.3-9.1, and will migrate to the testing distribution (squeeze)
shortly.

We recommend that you upgrade your sendmail package.

CPENameOperatorVersion
sendmaileq8.14.3-5
JSON