DSA-1985 sendmail -- insufficient input validation
ID: oval:org.mitre.oval:def:6719 | Date: (C)2010-05-24 (M)2024-02-19
Class: PATCH | Family: unix
It was discovered that sendmail, a Mail Transport Agent, does not properly handle a "\0" character in a Common Name field of an X.509 certificate. This allows an attacker to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority.
Platform: Debian 5.0, Debian 4.0
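The flaw described above comes down to comparing a length-delimited certificate field as if it were a C string. The following C sketch is an added illustration, not sendmail's code or the Debian patch; the function names, host name and sample CN bytes are constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample data: the CN value as raw bytes plus its encoded length,
 * as a TLS library would report it. The crafted value embeds a NUL byte. */
static const unsigned char CN_CLEAN[]   = "mail.example.org";
static const unsigned char CN_CRAFTED[] = "mail.example.org\0.other.example.net";
#define CN_CLEAN_LEN   (sizeof CN_CLEAN - 1)
#define CN_CRAFTED_LEN (sizeof CN_CRAFTED - 1)
#define PINNED_HOST    "mail.example.org"

/* Flawed pattern: the encoded length is ignored and the CN is handled as a
 * C string, so the comparison stops at the first NUL byte. */
static int cn_matches_naive(const unsigned char *cn, size_t cn_len, const char *host)
{
    (void)cn_len;
    return strcasecmp((const char *)cn, host) == 0;
}

/* Hardened pattern: reject any CN containing a NUL inside its encoded length,
 * then require the full value (not a prefix) to equal the expected host. */
static int cn_matches_strict(const unsigned char *cn, size_t cn_len, const char *host)
{
    if (memchr(cn, '\0', cn_len) != NULL)
        return 0;                       /* embedded NUL: never a valid name */
    if (cn_len != strlen(host))
        return 0;                       /* lengths must agree exactly */
    return strncasecmp((const char *)cn, host, cn_len) == 0;
}

int main(void)
{
    printf("clean CN:   naive=%d strict=%d\n",
           cn_matches_naive(CN_CLEAN, CN_CLEAN_LEN, PINNED_HOST),
           cn_matches_strict(CN_CLEAN, CN_CLEAN_LEN, PINNED_HOST));
    printf("crafted CN: naive=%d strict=%d\n",
           cn_matches_naive(CN_CRAFTED, CN_CRAFTED_LEN, PINNED_HOST),
           cn_matches_strict(CN_CRAFTED, CN_CRAFTED_LEN, PINNED_HOST));
    return 0;
}
```

The same length-versus-`strlen` mismatch is a useful audit check for any code that copies certificate name fields into C strings before comparing or logging them.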