ubuntucve | Ubuntu.com | UB:CVE-2009-4565
Jan 04, 2010 - 12:00 a.m.

CVE-2009-4565


CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.005 Low
Percentile: 76.8%

sendmail before 8.14.4 does not properly handle a ‘\0’ character in a
Common Name (CN) field of an X.509 certificate, which (1) allows
man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a
crafted server certificate issued by a legitimate Certification Authority,
and (2) allows remote attackers to bypass intended access restrictions via
a crafted client certificate issued by a legitimate Certification
Authority, a related issue to CVE-2009-2408.
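
The failure mode described above, shown as an added illustration (not sendmail's code and not part of the advisory): a CN compared as a C string is cut off at the first '\0', while a length-aware check rejects it. The struct, function names and sample values are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* A CN as an X.509 parser hands it over: raw bytes plus an explicit length.
   ASN.1 strings are length-prefixed and may legally contain a 0x00 byte. */
struct cn_field { const unsigned char *data; size_t len; };

/* Flawed pattern: treats the CN as a C string, so the comparison silently
   stops at the first '\0' and ignores everything after it.
   (Assumes the buffer is NUL-terminated, as the constructed samples are.) */
static int cn_matches_cstring(const struct cn_field *cn, const char *expected)
{
    return strcasecmp((const char *)cn->data, expected) == 0;
}

/* Hardened check: reject any embedded NUL, require the full ASN.1 length to
   equal the expected name's length, then compare exactly that many bytes. */
static int cn_matches_strict(const struct cn_field *cn, const char *expected)
{
    size_t elen = strlen(expected);
    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;                       /* embedded NUL: never a valid host name */
    if (cn->len != elen)
        return 0;                       /* trailing or missing bytes */
    return strncasecmp((const char *)cn->data, expected, elen) == 0;
}

/* Constructed samples: a CN carrying an embedded NUL, and a clean CN. */
static const unsigned char SAMPLE_NUL_CN[] = "mail.example.com\0.other.invalid";
static const unsigned char SAMPLE_OK_CN[]  = "mail.example.com";

int main(void)
{
    struct cn_field bad = { SAMPLE_NUL_CN, sizeof SAMPLE_NUL_CN - 1 };
    struct cn_field ok  = { SAMPLE_OK_CN,  sizeof SAMPLE_OK_CN - 1 };
    printf("embedded NUL: c-string=%d strict=%d\n",
           cn_matches_cstring(&bad, "mail.example.com"),
           cn_matches_strict(&bad, "mail.example.com"));
    printf("clean CN:     c-string=%d strict=%d\n",
           cn_matches_cstring(&ok, "mail.example.com"),
           cn_matches_strict(&ok, "mail.example.com"));
    return 0;
}
```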

Notes

Author: mdeslaur
Note: sendmail is in main only for libmilter, all other binary packages are in universe. This flaw affects sendmail packages in universe.
