Sendmail is prone to a security-bypass vulnerability because the application fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones. Successfully exploiting this issue allows attackers to perform man-in-the- middle attacks or impersonate trusted servers, which will aid in further attacks. Versions prior to Sendmail 8.14.4 are vulnerable.
Updates are available. Please see the references for more information.
- Ipswitch IMail Server Multiple Local Privilege Escalation Vulnerabilities
- SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection Vulnerability
- Exchange XEXCH50 Remote Buffer Overflow
- CMailServer ActiveX Control Multiple Buffer Overflow Vulnerabilities
- Sendmail NULL Character CA SSL Certificate Validation Security Bypass Vulnerability