Original released date: 18 Jan 2010
Last revised: 18 Jan 2010
Summary: man-in-the-middle attack
Sendmail is a Mail Transport Agent, which is the program that moves mail
from one machine to another.
sendmail before 8.14.4 does not properly handle a '\0' (NUL)
character in a Common Name (CN) field of an X.509 certificate, which
(1) allows man-in-the-middle attackers to spoof arbitrary SSL-based
SMTP servers via a crafted server certificate issued by a legitimate
Certification Authority, and (2) allows remote attackers to bypass
intended access restrictions via a crafted client certificate issued by
a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-4565).
- Turbolinux Appliance Server 2.0
- Turbolinux 10 Server x64 Edition
- Turbolinux 10 Server