CVE-2009-4565 sendmail

Metadata

high
7.5
sendmail
CVE-2009-4565
2017-06-18 07:03
CVE-2009-4565
2017-06-16 18:52
2017-04-01 19:11
2017-01-05 20:16

Description

sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
buster sendmail 8.14.3-9.1
jessie sendmail 8.14.3-9.1
sid sendmail 8.14.3-9.1
stretch sendmail 8.14.3-9.1
wheezy sendmail 8.14.3-9.1