PT-2010-1031 · Sendmail+2
Published 2010-01-04 · Updated 2017-09-19 · CVE-2009-4565
CVSS v2.0: 7.5 (High)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
sendmail versions prior to 8.14.4
Description
The issue allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority. It also allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority. The root cause is the handling of a NUL ('\0') character in the Common Name (CN) field of an X.509 certificate: the CN is treated as a NUL-terminated C string, so the name comparison stops at the embedded NUL and ignores the remainder of the field that the certificate actually carries.
Recommendations
For sendmail versions prior to 8.14.4, update to version 8.14.4 or later to resolve the issue. As a temporary workaround until the update is applied, consider restricting the use of SSL-based SMTP connections and of client-certificate authentication, and treat any server or client certificate whose CN field contains an embedded NUL character as invalid.
Affected Products
Hp-Ux
Red Hat
Sendmail