Lucene search

[email protected]NVD:CVE-2009-4565

HistoryJan 04, 2010 - 9:30 p.m.

CVE-2009-4565

2010-01-0421:30:00

CWE-310

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.4 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.4%

JSON

sendmail before 8.14.4 does not properly handle a ‘\0’ character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Affected configurations

NVD

Node

sendmailsendmailRange≤8.14.3

sendmailsendmailMatch2.6

sendmailsendmailMatch2.6.1

sendmailsendmailMatch3.0

sendmailsendmailMatch3.0.1

sendmailsendmailMatch4.1

sendmailsendmailMatch4.55

sendmailsendmailMatch5

sendmailsendmailMatch5.59

sendmailsendmailMatch5.61

sendmailsendmailMatch5.65

sendmailsendmailMatch8.6.7

sendmailsendmailMatch8.7.6

sendmailsendmailMatch8.7.7

sendmailsendmailMatch8.7.8

sendmailsendmailMatch8.7.9

sendmailsendmailMatch8.7.10

sendmailsendmailMatch8.8.8

sendmailsendmailMatch8.9.0

sendmailsendmailMatch8.9.1

sendmailsendmailMatch8.9.2

sendmailsendmailMatch8.9.3

sendmailsendmailMatch8.10

sendmailsendmailMatch8.10.0

sendmailsendmailMatch8.10.1

sendmailsendmailMatch8.10.2

sendmailsendmailMatch8.11.0

sendmailsendmailMatch8.11.1

sendmailsendmailMatch8.11.2

sendmailsendmailMatch8.11.3

sendmailsendmailMatch8.11.4

sendmailsendmailMatch8.11.5

sendmailsendmailMatch8.11.6

sendmailsendmailMatch8.11.7

sendmailsendmailMatch8.12beta10

sendmailsendmailMatch8.12beta12

sendmailsendmailMatch8.12beta16

sendmailsendmailMatch8.12beta5

sendmailsendmailMatch8.12beta7

sendmailsendmailMatch8.12.0

sendmailsendmailMatch8.12.1

sendmailsendmailMatch8.12.2

sendmailsendmailMatch8.12.3

sendmailsendmailMatch8.12.4

sendmailsendmailMatch8.12.5

sendmailsendmailMatch8.12.6

sendmailsendmailMatch8.12.7

sendmailsendmailMatch8.12.8

sendmailsendmailMatch8.12.9

sendmailsendmailMatch8.12.10

sendmailsendmailMatch8.13.0

sendmailsendmailMatch8.13.1

sendmailsendmailMatch8.13.1.2

sendmailsendmailMatch8.13.2

sendmailsendmailMatch8.13.3

sendmailsendmailMatch8.13.4

sendmailsendmailMatch8.13.5

sendmailsendmailMatch8.13.6

sendmailsendmailMatch8.13.7

sendmailsendmailMatch8.13.8

sendmailsendmailMatch8.14.1

sendmailsendmailMatch8.14.2

References

lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html

marc.info/?l=bugtraq&m=126953289726317&w=2

secunia.com/advisories/37998

secunia.com/advisories/38314

secunia.com/advisories/38915

secunia.com/advisories/39088

secunia.com/advisories/40109

secunia.com/advisories/43366

security.gentoo.org/glsa/glsa-201206-30.xml

sunsolve.sun.com/search/document.do?assetkey=1-77-1021797.1-1

www.debian.org/security/2010/dsa-1985

www.redhat.com/support/errata/RHSA-2011-0262.html

www.securityfocus.com/bid/37543

www.sendmail.org/releases/8.14.4

www.vupen.com/english/advisories/2009/3661

www.vupen.com/english/advisories/2010/0719

www.vupen.com/english/advisories/2010/1386

www.vupen.com/english/advisories/2011/0415

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10255

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11822

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.4 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.4%

JSON

Related for NVD:CVE-2009-4565

openvas49 debiancve9 cve15 securityvulns5 nessus52 ubuntucve7 cvelist15 prion16 aix1 checkpoint_advisories1 fedora2 exploitdb1 threatpost1 nvd11 veracode2 seebug3 mozilla1 debian2 gentoo1 redhat1 f53 amazon1