From owner-freebsd-security@FreeBSD.ORG Sat Jan 16 00:13:45 2010
Return-Path: 
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 199FD106566B for ; Sat, 16 Jan 2010 00:13:45 +0000 (UTC) (envelope-from oz@nixil.net)
Received: from nixil.net (nixil.net [161.58.222.1]) by mx1.freebsd.org (Postfix) with ESMTP id D4C088FC24 for ; Sat, 16 Jan 2010 00:13:44 +0000 (UTC)
Received: from demigorgon.corp.verio.net (fw.oremut02.us.wh.verio.net [198.65.168.24]) (authenticated bits=0) by nixil.net (8.13.6.20060614/8.13.6) with ESMTP id o0FNoWuQ046970 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Fri, 15 Jan 2010 16:50:39 -0700 (MST)
Message-ID: <4B50FF48.2070801@nixil.net>
Date: Fri, 15 Jan 2010 16:50:32 -0700
From: Phil Oleson
User-Agent: Thunderbird 2.0.0.21 (X11/20090619)
MIME-Version: 1.0
To: freebsd-security@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.2 (nixil.net [161.58.222.1]); Fri, 15 Jan 2010 16:50:40 -0700 (MST)
X-Virus-Scanned: clamav-milter 0.95.2 at nixil.net
X-Virus-Status: Clean
X-Mailman-Approved-At: Sat, 16 Jan 2010 02:32:05 +0000
Subject: sendmail 8.14.4
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
List-Unsubscribe: ,
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,
X-List-Received-Date: Sat, 16 Jan 2010 00:13:45 -0000

I'm seeing this in the release notes for the latest release of sendmail, plus a customer's PCI scan is reporting this as a problem. I know many of these scans tend to do version string checks and don't actually check whether the problem is possible to exploit, but I just wanted your thoughts on whether this is something the security team feels it needs to deal with or not?

-Phil.

8.14.4/8.14.4 2009/12/30 SECURITY: Handle bogus certificates containing NUL characters in CNs by placing a string indicating a bad certificate in the {cn_subject} or {cn_issuer} macro. Patch inspired by Matthias Andree's changes for fetchmail.
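As an added example (not code from the post, from sendmail or from fetchmail), the following Python shows the class of check the 8.14.4 release note describes: a DER string value for a commonName is parsed with its declared length, and a value that contains an embedded NUL is replaced by a marker instead of being used as a name. `naive_cn` shows what a consumer that treats the value as a C string would see (the name cut off at the NUL), `safe_cn` the corrected behaviour. The marker text `BAD_CN_MARKER`, the helper names and the sample CN values are constructed for this example and are not sendmail's own.

```python
# Added example, not from the mailing-list post or from sendmail: detect a
# commonName whose DER-declared length covers an embedded NUL byte.

# Placeholder marker text (assumption): the real macro value sendmail sets is
# not quoted in the post, so a constructed string is used here.
BAD_CN_MARKER = "BadCertificateContainsNUL"

# DER string tags that commonly carry a commonName attribute value.
_STRING_TAGS = {0x0C: "UTF8String", 0x13: "PrintableString", 0x16: "IA5String"}


def parse_der_string(tlv: bytes) -> tuple:
    """Parse one DER TLV (short- or long-form length) and return (tag, value).

    The length comes from the encoding, not from scanning for a terminator,
    which is exactly why an embedded NUL survives into the value bytes.
    """
    if len(tlv) < 2:
        raise ValueError("truncated TLV")
    tag = tlv[0]
    first = tlv[1]
    if first < 0x80:
        length, offset = first, 2
    else:
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4 or len(tlv) < 2 + nbytes:
            raise ValueError("bad length encoding")
        length = int.from_bytes(tlv[2:2 + nbytes], "big")
        offset = 2 + nbytes
    value = tlv[offset:offset + length]
    if len(value) != length:
        raise ValueError("value shorter than declared length")
    return tag, value


def naive_cn(tlv: bytes) -> str:
    """What a C-string consumer sees: the value is cut off at the first NUL."""
    _, value = parse_der_string(tlv)
    return value.split(b"\x00", 1)[0].decode("ascii", "replace")


def safe_cn(tlv: bytes) -> str:
    """The corrected behaviour: a CN with an unexpected tag or an embedded NUL
    is never used as a name; a marker string is returned instead."""
    tag, value = parse_der_string(tlv)
    if tag not in _STRING_TAGS:
        return BAD_CN_MARKER
    if b"\x00" in value:
        return BAD_CN_MARKER
    return value.decode("utf-8")


def der_string(tag: int, s: bytes) -> bytes:
    """Encode a short DER string TLV (helper for the constructed sample data)."""
    if len(s) >= 0x80:
        raise ValueError("helper only handles short-form lengths")
    return bytes([tag, len(s)]) + s


# Constructed sample values: a normal CN and one with an embedded NUL.
GOOD_CN = der_string(0x13, b"mail.example.com")
NUL_CN = der_string(0x0C, b"mail.example.com\x00.other.example")

if __name__ == "__main__":
    for label, cn in (("good", GOOD_CN), ("nul", NUL_CN)):
        print(label, "naive:", naive_cn(cn), "| safe:", safe_cn(cn))
```

The point the example makes for a scan finding like the one in the post is that the defect is not in the version string but in how a name is consumed: a consumer that stops at the first NUL sees `mail.example.com` for both sample values, while a consumer that honours the DER length and refuses NUL-bearing values reports the marker for the second.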