Computer Security


Sendmail SSL certificate spoofing
Published: 17.01.2010
Source:
SecurityVulns ID: 10521
Type: m-i-t-m
Threat Level: 5/10
Description: It's possible to spoof an SSL certificate by using a NUL ('\0') character in the CN.
Affected: SENDMAIL : Sendmail 8.14
CVE: CVE-2009-4565 (sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.)
Original document: MANDRIVA, [ MDVSA-2010:003 ] sendmail (17.01.2010)
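
Added example (not sendmail's code, and not part of the original entry): a CN comparison that treats the field as a C string, next to a length-aware one that rejects an embedded '\0'. It assumes the CN is available as raw bytes plus an explicit length; the function names, host names and sample CN values are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample CNs; the first carries an embedded '\0'. */
static const unsigned char CRAFTED_CN[] = "mail.example.com\0.other.example";
static const unsigned char PLAIN_CN[]   = "mail.example.com";
#define CRAFTED_CN_LEN (sizeof(CRAFTED_CN) - 1)
#define PLAIN_CN_LEN   (sizeof(PLAIN_CN) - 1)

/* Case-insensitive compare of a length-delimited name with a host name. */
static int eq_nocase(const unsigned char *a, size_t a_len, const char *b)
{
    size_t i;
    if (a_len != strlen(b))
        return 0;
    for (i = 0; i < a_len; i++)
        if (tolower(a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Flawed pattern: the real length is ignored and strlen() stops at the
 * first '\0', so only the prefix of the CN is ever compared. */
int cn_match_cstring(const unsigned char *cn, size_t cn_len, const char *host)
{
    (void)cn_len;
    return eq_nocase(cn, strlen((const char *)cn), host);
}

/* Length-aware check: a CN containing '\0' anywhere in its declared
 * length is rejected outright; otherwise the full field is compared. */
int cn_match_checked(const unsigned char *cn, size_t cn_len, const char *host)
{
    if (memchr(cn, '\0', cn_len) != NULL)
        return 0;
    return eq_nocase(cn, cn_len, host);
}

int main(void)
{
    const char *host = "mail.example.com";
    printf("crafted CN, C-string compare:     %d\n",
           cn_match_cstring(CRAFTED_CN, CRAFTED_CN_LEN, host));
    printf("crafted CN, length-aware compare: %d\n",
           cn_match_checked(CRAFTED_CN, CRAFTED_CN_LEN, host));
    printf("plain CN,   length-aware compare: %d\n",
           cn_match_checked(PLAIN_CN, PLAIN_CN_LEN, host));
    return 0;
}
```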

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod