icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Sendmail < 8.14.4 SSL Certificate NULL Character Spoofing

Medium

Synopsis

The remote host is vulnerable to a man-in-the-middle attack.

Description

The remote mail server is running a version of Sendmail earlier than 8.14.4. Such versions are potentially affected by a flaw that my allow an attacker to spoof SSL certificates by using a NULL character in certain certificate fields.

Solution

Upgrade to Sendmail 8.14.4 or later.