Sendmail SSL Certificate NULL Character Spoofing Vulnerability
Severity: HIGH
CVE Identifier: CVE-2009-4565
Advisory Date: JUL 21, 2015
DESCRIPTION
sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
TREND MICRO PROTECTION INFORMATION
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1003779
Trend Micro Deep Security DPI Rule Name: 1003779 - Null Truncation In X.509 Common Name Spoofing Vulnerability
AFFECTED SOFTWARE AND VERSION
- sendmail sendmail 2.6
- sendmail sendmail 2.6.1
- sendmail sendmail 3.0
- sendmail sendmail 3.0.1
- sendmail sendmail 4.1
- sendmail sendmail 4.55
- sendmail sendmail 5
- sendmail sendmail 5.59
- sendmail sendmail 5.61
- sendmail sendmail 5.65
- sendmail sendmail 8.10
- sendmail sendmail 8.10.0
- sendmail sendmail 8.10.1
- sendmail sendmail 8.10.2
- sendmail sendmail 8.11.0
- sendmail sendmail 8.11.1
- sendmail sendmail 8.11.2
- sendmail sendmail 8.11.3
- sendmail sendmail 8.11.4
- sendmail sendmail 8.11.5
- sendmail sendmail 8.11.6
- sendmail sendmail 8.11.7
- sendmail sendmail 8.12
- sendmail sendmail 8.12.0
- sendmail sendmail 8.12.1
- sendmail sendmail 8.12.10
- sendmail sendmail 8.12.2
- sendmail sendmail 8.12.3
- sendmail sendmail 8.12.4
- sendmail sendmail 8.12.5
- sendmail sendmail 8.12.6
- sendmail sendmail 8.12.7
- sendmail sendmail 8.12.8
- sendmail sendmail 8.12.9
- sendmail sendmail 8.13.0
- sendmail sendmail 8.13.1
- sendmail sendmail 8.13.1.2
- sendmail sendmail 8.13.2
- sendmail sendmail 8.13.3
- sendmail sendmail 8.13.4
- sendmail sendmail 8.13.5
- sendmail sendmail 8.13.6
- sendmail sendmail 8.13.7
- sendmail sendmail 8.13.8
- sendmail sendmail 8.14.1
- sendmail sendmail 8.14.2
- sendmail sendmail 8.14.3
- sendmail sendmail 8.6.7
- sendmail sendmail 8.7.10
- sendmail sendmail 8.7.6
- sendmail sendmail 8.7.7
- sendmail sendmail 8.7.8
- sendmail sendmail 8.7.9
- sendmail sendmail 8.8.8
- sendmail sendmail 8.9.0
- sendmail sendmail 8.9.1
- sendmail sendmail 8.9.2
- sendmail sendmail 8.9.3
Featured Stories
The Mirage of AI Programming: Hallucinations and Code IntegrityThe adoption of large language models (LLMs) and Generative Pre-trained Transformers (GPTs), such as ChatGPT, by leading firms like Microsoft, Nuance, Mix and Google CCAI Insights, drives the industry towards a series of transformative changes. As the use of these new technologies becomes prevalent, it is important to understand their key behavior, advantages, and the risks they present.Read more
Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more
A Closer Exploration of Residential Proxies and CAPTCHA-Breaking ServicesThis article, the final part of a two-part series, focuses on the details of our technical findings and analyses of select residential proxies and CAPTCHA-solving services.Read more
How Residential Proxies and CAPTCHA-Solving Services Become Agents of AbuseThis article, the first of a two-part series, provides insights on how abusers and cybercriminals use residential proxies and CAPTCHA-solving services to enable bots, scrapers, and stuffers, and proposes security countermeasures for organizations.Read more