Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sendmail空字符CA SSL证书验证安全绕过漏洞
Vulnerability Description
Sendmail是美国Sendmail公司的一款免费开源的邮件传输代理。 Sendmail早期版本到8.14.4版中存在安全绕过漏洞,该漏洞源于应用程序未正确验证签名CA证书的动态名字。攻击者可利用该漏洞把恶意的SSL证书替换为可信的SSL证书,攻击者成功利用该漏洞可执行中间人攻击或冒充可信的服务器,且有助于进一步攻击。
CVSS Information
N/A
Vulnerability Type
N/A