Sendmail < 8.14.4 SSL Certificate NULL Character Spoofing
High Nessus Plugin ID 43637
Synopsis
The remote mail server is susceptible to a man-in-the-middle attack.
Description
The remote mail server is running a version of Sendmail earlier than 8.14.4. Such versions are reportedly affected by a flaw that may allow an attacker to spoof SSL certificates by using a NULL character in certain certificate fields.
A remote attacker may exploit this to perform a man-in-the-middle attack.
Solution
Upgrade to Sendmail 8.14.4 or later.
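
The following added example (not Sendmail's code and not part of the plugin text) illustrates the general class of flaw the description refers to: a name check that treats a certificate field as a C string stops at the first NULL byte, while a length-aware check rejects the field. The `cert_name` type, the function names and the sample host names are hypothetical and constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical type: a certificate name field as decoded bytes plus length. */
struct cert_name { const unsigned char *data; size_t len; };

/* Case-insensitive comparison over explicit lengths. */
static int eq_nocase(const unsigned char *a, size_t alen, const char *b, size_t blen)
{
    if (alen != blen) return 0;
    for (size_t i = 0; i < alen; i++)
        if (tolower(a[i]) != tolower((unsigned char)b[i])) return 0;
    return 1;
}

/* Weak form: strlen() measures the field as a C string, so everything
 * after an embedded NULL byte is silently ignored. */
int naive_name_matches(const struct cert_name *cn, const char *host)
{
    return eq_nocase(cn->data, strlen((const char *)cn->data), host, strlen(host));
}

/* Hardened form: refuse any field containing a NULL byte, then compare
 * using the decoded length rather than the C-string length. */
int strict_name_matches(const struct cert_name *cn, const char *host)
{
    if (memchr(cn->data, '\0', cn->len) != NULL) return 0;
    return eq_nocase(cn->data, cn->len, host, strlen(host));
}

/* Constructed sample fields (not taken from any real certificate). */
static const unsigned char SPOOFED[] = "mail.example.com\0.untrusted.example";
static const unsigned char HONEST[]  = "mail.example.com";
const struct cert_name spoofed = { SPOOFED, sizeof(SPOOFED) - 1 };
const struct cert_name honest  = { HONEST,  sizeof(HONEST)  - 1 };

int main(void)
{
    const char *host = "mail.example.com";
    printf("spoofed: naive=%d strict=%d\n",
           naive_name_matches(&spoofed, host), strict_name_matches(&spoofed, host));
    printf("honest:  naive=%d strict=%d\n",
           naive_name_matches(&honest, host), strict_name_matches(&honest, host));
    return 0;
}
```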