Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Sendmail < 8.14.4 SSL Certificate NULL Character Spoofing

Medium

Synopsis

The remote host is vulnerable to a man-in-the-middle attack.

Description

The remote mail server is running a version of Sendmail earlier than 8.14.4. Such versions are potentially affected by a flaw that my allow an attacker to spoof SSL certificates by using a NULL character in certain certificate fields.

Solution

Upgrade to Sendmail 8.14.4 or later.