CVE-2009-4565

Common Vulnerabilities and Exposures

Upstream information

CVE-2009-4565 at MITRE

Description

sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

NVD CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entry: 568017

SUSE Security Advisories:

SUSE-SR:2010:006, published Mon, 15 Mar 2010 11:11:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE 11.0	`sendmail-debuginfo >= 8.14.3-8.2` `sendmail-debugsource >= 8.14.3-8.2`
openSUSE 11.0	`rmail >= 8.14.3-8.2` `sendmail >= 8.14.3-8.2` `sendmail-devel >= 8.14.3-8.2`
openSUSE 11.1	`sendmail-debuginfo >= 8.14.3-50.10.1` `sendmail-debugsource >= 8.14.3-50.10.1`
openSUSE 11.1	`rmail >= 8.14.3-50.10.1` `sendmail >= 8.14.3-50.10.1` `sendmail-devel >= 8.14.3-50.10.1`
openSUSE 11.2	`rmail-debuginfo >= 8.14.3-51.5.1` `sendmail-debuginfo >= 8.14.3-51.5.1` `sendmail-debugsource >= 8.14.3-51.5.1`
openSUSE 11.2	`rmail >= 8.14.3-51.5.1` `sendmail >= 8.14.3-51.5.1` `sendmail-devel >= 8.14.3-51.5.1`
SUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP3 for x86	`sendmail >= 8.13.6-9.18.1`	sle10-sp3-sdk.ia64 sle10-sp3-sdk.x86 sled10-sp3.x86 sles10-sp3-debuginfo.s390x sle10-sp3-sdk.x86-64 sles10-sp3-debuginfo.x86 sles10-sp3.x86 sle10-sp3-sdk.ppc sles10-sp3.ia64 sled10-sp3.x86-64 sle10-sp3-sdk.s390x sles10-sp3-debuginfo.ia64 sles10-sp3-debuginfo.x86-64 sles10-sp3.x86-64 sles10-sp3.s390x sles10-sp3-debuginfo.ppc sles10-sp3.ppc ZYPP Patch Nr: 6860
SUSE Linux Enterprise Server 10 SP3 DEBUGINFO	`sendmail-debuginfo >= 8.13.6-9.18.1`	sle10-sp3-sdk.ia64 sle10-sp3-sdk.x86 sled10-sp3.x86 sles10-sp3-debuginfo.s390x sle10-sp3-sdk.x86-64 sles10-sp3-debuginfo.x86 sles10-sp3.x86 sle10-sp3-sdk.ppc sles10-sp3.ia64 sled10-sp3.x86-64 sle10-sp3-sdk.s390x sles10-sp3-debuginfo.ia64 sles10-sp3-debuginfo.x86-64 sles10-sp3.x86-64 sles10-sp3.s390x sles10-sp3-debuginfo.ppc sles10-sp3.ppc ZYPP Patch Nr: 6860
SUSE Linux Enterprise SDK 10 SP3	`sendmail-devel >= 8.13.6-9.18.1` `uucp >= 1.07-268.18.1`	sle10-sp3-sdk.ia64 sle10-sp3-sdk.x86 sled10-sp3.x86 sles10-sp3-debuginfo.s390x sle10-sp3-sdk.x86-64 sles10-sp3-debuginfo.x86 sles10-sp3.x86 sle10-sp3-sdk.ppc sles10-sp3.ia64 sled10-sp3.x86-64 sle10-sp3-sdk.s390x sles10-sp3-debuginfo.ia64 sles10-sp3-debuginfo.x86-64 sles10-sp3.x86-64 sles10-sp3.s390x sles10-sp3-debuginfo.ppc sles10-sp3.ppc ZYPP Patch Nr: 6860
SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3	`sendmail >= 8.13.6-9.18.1` `sendmail-devel >= 8.13.6-9.18.1` `uucp >= 1.07-268.18.1`	sle10-sp3-sdk.ia64 sle10-sp3-sdk.x86 sled10-sp3.x86 sles10-sp3-debuginfo.s390x sle10-sp3-sdk.x86-64 sles10-sp3-debuginfo.x86 sles10-sp3.x86 sle10-sp3-sdk.ppc sles10-sp3.ia64 sled10-sp3.x86-64 sle10-sp3-sdk.s390x sles10-sp3-debuginfo.ia64 sles10-sp3-debuginfo.x86-64 sles10-sp3.x86-64 sles10-sp3.s390x sles10-sp3-debuginfo.ppc sles10-sp3.ppc ZYPP Patch Nr: 6860
SUSE Linux Enterprise 10 SP2 DEBUGINFO for AMD64 and Intel EM64T SUSE Linux Enterprise 10 SP2 DEBUGINFO for IBM zSeries 64bit SUSE Linux Enterprise 10 SP2 DEBUGINFO for x86	`sendmail-debuginfo >= 8.13.6-9.18.1`	sles10-sp2-debuginfo.ia64 sles10-sp2.x86 sles10-sp2.s390x sled10-sp2.x86 sled10-sp2.x86-64 sle10-sp2-sdk.ia64 sle10-sp2-sdk.s390x sle10-sp2-sdk.ppc sles10-sp2.ia64 sles10-sp2-debuginfo.x86 sles10-sp2-debuginfo.ppc sles10-sp2-debuginfo.x86-64 sle10-sp2-sdk.x86 sle10-sp2-sdk.x86-64 sles10-sp2-debuginfo.s390x sles10-sp2.ppc sles10-sp2.x86-64 ZYPP Patch Nr: 6859
SUSE Linux Enterprise Server for SAP 10 SP2	`sendmail >= 8.13.6-9.18.1` `sendmail-devel >= 8.13.6-9.18.1` `uucp >= 1.07-268.16.1`	sles10-sp2-debuginfo.ia64 sles10-sp2.x86 sles10-sp2.s390x sled10-sp2.x86 sled10-sp2.x86-64 sle10-sp2-sdk.ia64 sle10-sp2-sdk.s390x sle10-sp2-sdk.ppc sles10-sp2.ia64 sles10-sp2-debuginfo.x86 sles10-sp2-debuginfo.ppc sles10-sp2-debuginfo.x86-64 sle10-sp2-sdk.x86 sle10-sp2-sdk.x86-64 sles10-sp2-debuginfo.s390x sles10-sp2.ppc sles10-sp2.x86-64 ZYPP Patch Nr: 6859
SUSE Linux Enterprise SDK 10 SP2	`sendmail-devel >= 8.13.6-9.18.1` `uucp >= 1.07-268.16.1`	sles10-sp2-debuginfo.ia64 sles10-sp2.x86 sles10-sp2.s390x sled10-sp2.x86 sled10-sp2.x86-64 sle10-sp2-sdk.ia64 sle10-sp2-sdk.s390x sle10-sp2-sdk.ppc sles10-sp2.ia64 sles10-sp2-debuginfo.x86 sles10-sp2-debuginfo.ppc sles10-sp2-debuginfo.x86-64 sle10-sp2-sdk.x86 sle10-sp2-sdk.x86-64 sles10-sp2-debuginfo.s390x sles10-sp2.ppc sles10-sp2.x86-64 ZYPP Patch Nr: 6859
Open Enterprise Server	`sendmail >= 8.12.11-2.16` `sendmail-devel >= 8.12.11-2.13` `uucp >= 1.07-225.19`	sles9-oes.x86 core9.x86 core9.ppc core9.x86-64 core9.ia64 core9.s390x sles9-nlpos.x86 core9.s390 YOU Patch Nr: 12590
SUSE Linux Enterprise 11 GA DEBUGINFO	`sendmail-debuginfo >= 8.14.3-50.20.1` `sendmail-debugsource >= 8.14.3-50.20.1`	sles11.x86-64 sle11-sdk.x86-64 sle11-debuginfo.s390x sle11-debuginfo.ia64 sle11-sdk.ppc sle11-sdk.x86 sle11-sdk.s390x sle11-debuginfo.x86-64 sles11.ia64 sles11.s390x sle11-debuginfo.ppc sle11-debuginfo.x86 sle11-sdk.ia64 sles11.x86 sles11.ppc SAT Patch Nr: 2021
SUSE Linux Enterprise SDK 11 GA	`sendmail-devel >= 8.14.3-50.20.1`	sles11.x86-64 sle11-sdk.x86-64 sle11-debuginfo.s390x sle11-debuginfo.ia64 sle11-sdk.ppc sle11-sdk.x86 sle11-sdk.s390x sle11-debuginfo.x86-64 sles11.ia64 sles11.s390x sle11-debuginfo.ppc sle11-debuginfo.x86 sle11-sdk.ia64 sles11.x86 sles11.ppc SAT Patch Nr: 2021
SUSE Linux Enterprise Server 11 GA	`sendmail >= 8.14.3-50.20.1`	sles11.x86-64 sle11-sdk.x86-64 sle11-debuginfo.s390x sle11-debuginfo.ia64 sle11-sdk.ppc sle11-sdk.x86 sle11-sdk.s390x sle11-debuginfo.x86-64 sles11.ia64 sles11.s390x sle11-debuginfo.ppc sle11-debuginfo.x86 sle11-sdk.ia64 sles11.x86 sles11.ppc SAT Patch Nr: 2021

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy