VID | 18107
Severity | 30
Port | 25
Protocol | TCP
Class | SMTP
Detailed Description |
The remote mail server is running a version of Sendmail earlier than 8.14.4. Such versions are reportedly affected by a flaw that may allow an attacker to spoof SSL certificates by using a NULL character in certain certificate fields.
A remote attacker may exploit this to perform a man-in-the-middle attack.
* Note: For the following reasons, this may or may not be considered a security risk in your environment (i.e., it may be a false positive):
  1. This check relied solely on the version number of the remote Sendmail server to assess this vulnerability.
  2. The version number of the Sendmail server is based on the standard Sendmail distribution released by the Sendmail Consortium.
* Reference Sites: http://www.sendmail.org/releases/8.14.4
* Platforms Affected: Sendmail prior to 8.14.4, all platforms |
Recommendation |
Upgrade to Sendmail version 8.14.4 or the latest version from the Sendmail web site, http://www.sendmail.org |
Related URL | CVE-2009-4565 (CVE)
Related URL | 37543 (SecurityFocus)
Related URL | (ISS)