{"id":"CVE-2009-4565","details":"sendmail before 8.14.4 does not properly handle a '\\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.","modified":"2026-01-27T04:10:05.075725Z","published":"2010-01-04T21:30:00Z","withdrawn":"2026-01-27T04:10:05.075725Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/37998"},{"type":"ADVISORY","url":"http://secunia.com/advisories/38314"},{"type":"ADVISORY","url":"http://secunia.com/advisories/38915"},{"type":"ADVISORY","url":"http://secunia.com/advisories/39088"},{"type":"ADVISORY","url":"http://secunia.com/advisories/40109"},{"type":"ADVISORY","url":"http://secunia.com/advisories/43366"},{"type":"ADVISORY","url":"http://security.gentoo.org/glsa/glsa-201206-30.xml"},{"type":"ADVISORY","url":"http://www.debian.org/security/2010/dsa-1985"},{"type":"FIX","url":"http://www.vupen.com/english/advisories/2009/3661"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2010/0719"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2010/1386"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2011/0415"},{"type":"FIX","url":"http://www.sendmail.org/releases/8.14.4"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"},{"type":"WEB","url":"http://marc.info/?l=bugtraq&m=126953289726317&w=2"},{"type":"WEB","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021797.1-1"},{"type":"WEB","url":"http://www.redhat.com/support/errata/RHSA-2011-0262.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/37543"},{"type":"WEB","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10255"},{"type":"WEB","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11822"}],"schema_version":"1.7.3"}