#VU67946 Security features bypass in Sendmail
Vulnerability identifier: #VU67946
Vulnerability risk: Medium
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-254
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Sendmail
Server applications /
Mail servers
Vendor: Proofpoint
Description
The vulnerability allows a remote attacker to disable TLS encryption.
The vulnerability exists due to an error related to SMTP session reuse. If sendmail tries to reuse an SMTP session which had already been closed by the server, then the connection cache can have invalid information about the session. As a result, STARTTLS is never used for the new session, even if offered by the peer.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Sendmail: 8.6.7 - 8.15.2
External links
http://bugzilla.redhat.com/show_bug.cgi?id=1313508
http://bugzilla.suse.com/show_bug.cgi?id=1164084
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
