[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-4565Date: (C)2010-01-04   (M)2024-02-22


sendmail before 8.14.4 does not properly handle a '' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SUNALERT-1021797
BID-37543
SECUNIA-37998
SECUNIA-38314
SECUNIA-38915
SECUNIA-39088
SECUNIA-40109
SECUNIA-43366
ADV-2009-3661
ADV-2010-0719
ADV-2010-1386
ADV-2011-0415
DSA-1985
GLSA-201206-30
HPSBUX02508
RHSA-2011:0262
SUSE-SR:2010:006
http://www.sendmail.org/releases/8.14.4
oval:org.mitre.oval:def:10255
oval:org.mitre.oval:def:11822

CPE    57
cpe:/a:sendmail:sendmail:8.12:beta12
cpe:/a:sendmail:sendmail:8.12:beta10
cpe:/a:sendmail:sendmail:8.10.1
cpe:/a:sendmail:sendmail:8.10.2
...
CWE    1
CWE-310
OVAL    7
oval:org.secpod.oval:def:100681
oval:org.mitre.oval:def:6719
oval:org.secpod.oval:def:100593
oval:org.secpod.oval:def:300111
...

© SecPod Technologies