Sendmail NULL Character CA SSL Certificate Validation Security Bypass Vulnerability

http://www.securityfocus.com/bid/37543

"Sendmail is prone to a security-bypass vulnerability because the
application fails to properly validate the domain name in a signed CA
certificate, allowing attackers to substitute malicious SSL certificates
for trusted ones.

Successfully exploiting this issue allows attackers to perform
man-in-the-middle attacks or impersonate trusted servers, which will aid
in further attacks.

Versions prior to Sendmail 8.14.4 are vulnerable."
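The bug class the advisory describes is a length-truncation problem in host-name checking: the certificate's Common Name is handled as a NUL-terminated C string, so any bytes after an embedded NUL are silently ignored when it is compared to the expected host. The following is an added example and not Sendmail's code; it models a naive pre-fix style check beside a hardened one that uses the declared DER length and refuses names containing a NUL. The CN byte strings, host name and function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample CNs (not from any real certificate).  The "bad" one
 * carries an embedded NUL after the host name we expect to see. */
static const unsigned char CN_GOOD[] = "mail.example.com";
static const unsigned char CN_BAD[]  = "mail.example.com\0example.org";

#define CN_GOOD_LEN (sizeof(CN_GOOD) - 1)   /* 16 bytes */
#define CN_BAD_LEN  (sizeof(CN_BAD) - 1)    /* 28 bytes, NUL at offset 16 */

/* Naive check modelled on the flawed behaviour: the CN is treated as a
 * C string, so comparison stops at the first NUL byte and the declared
 * length is never consulted. */
int cn_matches_naive(const unsigned char *cn, size_t cn_len, const char *host)
{
    (void)cn_len;                      /* ignoring the length is the bug */
    return strcasecmp((const char *)cn, host) == 0;
}

/* Hardened check: a DNS name may never contain a NUL byte, and the
 * whole declared length must match the expected host name. */
int cn_matches_strict(const unsigned char *cn, size_t cn_len, const char *host)
{
    if (memchr(cn, '\0', cn_len) != NULL)
        return 0;                      /* embedded NUL: reject outright */
    if (cn_len != strlen(host))
        return 0;                      /* prefix or suffix mismatch */
    return strncasecmp((const char *)cn, host, cn_len) == 0;
}

int main(void)
{
    const char *host = "mail.example.com";

    printf("good CN, naive : %d\n", cn_matches_naive(CN_GOOD, CN_GOOD_LEN, host));
    printf("good CN, strict: %d\n", cn_matches_strict(CN_GOOD, CN_GOOD_LEN, host));
    /* The naive check accepts the NUL-bearing CN; the strict check does not. */
    printf("bad CN,  naive : %d\n", cn_matches_naive(CN_BAD, CN_BAD_LEN, host));
    printf("bad CN,  strict: %d\n", cn_matches_strict(CN_BAD, CN_BAD_LEN, host));
    return 0;
}
```

The point for a reviewer of any TLS-using code is the second function: take the length from the ASN.1 decoder rather than from `strlen`, and treat a NUL inside a name as an error, not as a terminator.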

For RHEL, this was fixed in sendmail-8.13.8-6.el5 (the latest version
currently available is sendmail-8.13.8-8.el5). The fix is tracked as
CVE-2009-4565, so you can check whether your installed package includes it:

$ rpm -q --changelog sendmail | grep CVE-2009-4565

It is recommended that Sendmail be updated to 8.14.4 or comparable to
fix this vulnerability. Please let me know if your systems are
vulnerable to this issue.

Thanks,
Brian