ID CVE-2009-4565
Summary sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
References
Vulnerable Configurations
  • cpe:2.3:a:sendmail:sendmail:2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:4.55:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:5:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:5.59:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:5.61:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:5.65:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.7.8:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.7.9:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.7.10:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.8.8:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.10:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.11.3:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.11.4:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.11.5:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.11.6:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.11.7:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.12:beta10:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.12:beta12:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.12:beta16:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.12:beta5:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.12:beta7:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.12.7:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.12.8:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.12.9:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.12.10:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.13.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.13.3:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.13.4:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.13.5:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.13.6:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.13.7:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.13.8:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.14.2:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:-:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:3.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.12.11:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sendmail:sendmail:8.14.3:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 19-09-2017 - 01:29)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2013-04-29T04:04:04.004-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
    family unix
    id oval:org.mitre.oval:def:10255
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
    version 18
  • accepted 2015-04-20T04:00:10.363-04:00
    class vulnerability
    contributors
    • name Varun Narula
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
    family unix
    id oval:org.mitre.oval:def:11822
    status accepted
    submitted 2010-10-08T14:03:58.000-05:00
    title HP-UX Running sendmail with STARTTLS Enabled, Remote Unauthorized Access.
    version 44
redhat via4
advisories
  • bugzilla
    id 552622
    title CVE-2009-4565 sendmail: incorrect verification of SSL certificate with NUL in name
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment sendmail is earlier than 0:8.13.8-8.el5
          oval oval:com.redhat.rhsa:tst:20100237002
        • comment sendmail is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100237003
      • AND
        • comment sendmail-cf is earlier than 0:8.13.8-8.el5
          oval oval:com.redhat.rhsa:tst:20100237006
        • comment sendmail-cf is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100237007
      • AND
        • comment sendmail-devel is earlier than 0:8.13.8-8.el5
          oval oval:com.redhat.rhsa:tst:20100237008
        • comment sendmail-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100237009
      • AND
        • comment sendmail-doc is earlier than 0:8.13.8-8.el5
          oval oval:com.redhat.rhsa:tst:20100237004
        • comment sendmail-doc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100237005
    rhsa
    id RHSA-2010:0237
    released 2010-03-30
    severity Low
    title RHSA-2010:0237: sendmail security and bug fix update (Low)
  • bugzilla
    id 552622
    title CVE-2009-4565 sendmail: incorrect verification of SSL certificate with NUL in name
    oval
    AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304001
    • OR
      • AND
        • comment sendmail is earlier than 0:8.13.1-6.el4
          oval oval:com.redhat.rhsa:tst:20110262002
        • comment sendmail is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070252003
      • AND
        • comment sendmail-cf is earlier than 0:8.13.1-6.el4
          oval oval:com.redhat.rhsa:tst:20110262008
        • comment sendmail-cf is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070252009
      • AND
        • comment sendmail-devel is earlier than 0:8.13.1-6.el4
          oval oval:com.redhat.rhsa:tst:20110262004
        • comment sendmail-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070252005
      • AND
        • comment sendmail-doc is earlier than 0:8.13.1-6.el4
          oval oval:com.redhat.rhsa:tst:20110262006
        • comment sendmail-doc is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070252007
    rhsa
    id RHSA-2011:0262
    released 2011-02-16
    severity Low
    title RHSA-2011:0262: sendmail security and bug fix update (Low)
rpms
  • sendmail-0:8.13.8-8.el5
  • sendmail-cf-0:8.13.8-8.el5
  • sendmail-devel-0:8.13.8-8.el5
  • sendmail-doc-0:8.13.8-8.el5
  • sendmail-0:8.13.1-6.el4
  • sendmail-cf-0:8.13.1-6.el4
  • sendmail-devel-0:8.13.1-6.el4
  • sendmail-doc-0:8.13.1-6.el4
refmap via4
bid 37543
confirm http://www.sendmail.org/releases/8.14.4
debian DSA-1985
gentoo GLSA-201206-30
hp
  • HPSBUX02508
  • SSRT100007
secunia
  • 37998
  • 38314
  • 38915
  • 39088
  • 40109
  • 43366
sunalert 1021797
suse SUSE-SR:2010:006
vupen
  • ADV-2009-3661
  • ADV-2010-0719
  • ADV-2010-1386
  • ADV-2011-0415
statements via4
contributor Tomas Hoger
lastmodified 2010-01-21
organization Red Hat
statement Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-4565 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Last major update 19-09-2017 - 01:29
Published 04-01-2010 - 21:30