From owner-freebsd-security@FreeBSD.ORG Sun Jun 11 12:34:47 2006
From: "Michael Scheidell"
Date: Sun, 11 Jun 2006 08:34:46 -0400
Subject: Anyone running ntop on FBSD5.4

If you are running ntop on 5.4, what compile options?
Use ports version? Or surgefile tarball?

It makes a great security forensics tool, but I can't get it to stop
segfaulting. Was wondering if anyone found a fix for it.

--
Michael Scheidell, CTO
561-999-5000, ext 1131
SECNAP Network Security Corporation
Take a vacation from spam: http://www.spammertrap.com

From owner-freebsd-security@FreeBSD.ORG Sun Jun 11 16:35:21 2006
From: Forrest Aldrich
To: freebsd-security@freebsd.org
Date: Sun, 11 Jun 2006 12:37:17 -0400
Subject: Kerberos5 / Heimdal

I have FreeBSD-6.1 and it appears the default installation has a full
complement of Kerberos5. But, /usr/src/kerberos5/README states:

This subtree is world-exportable, as it does not contain any
cryptographic code.

At the time of writing, it did not even contain source code, only
Makefiles and headers.

Please maintain this "exportable" status quo.

Thanks!

MarkM
markm@freebsd.org
20th Sept 1997

I'm guessing the README is a bit out-of-date...

The HANDBOOK suggests more needs to be obtained from the
security/heimdal port.

I see all the libraries in /usr/lib etc., so which is it... do we have
a full install as a part of 6.1 or is the security/heimdal still needed
to bring it up to speed.

_F

From owner-freebsd-security@FreeBSD.ORG Sun Jun 11 19:38:43 2006
From: Remco Bressers
To: freebsd-security@freebsd.org
Date: Sun, 11 Jun 2006 21:38:55 +0200
Subject: Re: Anyone running ntop on FBSD5.4

>If you are running ntop on 5.4, what compile options?
>Use ports version? Or surgefile tarball?
>
>It makes a great security forensics tool, but I can't get it to stop
>segfaulting. Was wondering if anyone found a fix for it.
>

I had the same problems on FreeBSD 5.4. Ntop keeps segfaulting. After an
upgrade to 6.0-RELEASE it works flawlessly.
No clue what the problem was :o).

Regards,

Remco Bressers

From owner-freebsd-security@FreeBSD.ORG Sun Jun 11 23:28:41 2006
From: talonz
To: Remco Bressers
Cc: freebsd-security@freebsd.org
Date: Mon, 12 Jun 2006 09:27:52 +1000
Subject: Re: Anyone running ntop on FBSD5.4

Remco Bressers wrote:
>
>> If you are running ntop on 5.4, what compile options?
>> Use ports version? Or surgefile tarball?
>>
>> It makes a great security forensics tool, but I can't get it to stop
>> segfaulting. Was wondering if anyone found a fix for it.
>>
> I had the same problems on FreeBSD 5.4. Ntop keeps segfaulting. After an
> upgrade to 6.0-RELEASE it works flawlessly.
> No clue what the problem was :o).
>

I had this same problem as well. Disabling ipv6 or tcp6 using the ntop
flags found in the manual page (man 8 ntop) worked well for me.

Jason M

From owner-freebsd-security@FreeBSD.ORG Mon Jun 12 12:04:29 2006
From: "Michael Scheidell"
To: "talonz"
Cc: freebsd-security@freebsd.org
Date: Mon, 12 Jun 2006 08:04:28 -0400
Subject: RE: Anyone running ntop on FBSD5.4

> -----Original Message-----
> From: owner-freebsd-security@freebsd.org
> [mailto:owner-freebsd-security@freebsd.org] On Behalf Of talonz
> Sent: Sunday, June 11, 2006 7:28 PM
> To: Remco Bressers
> Cc: freebsd-security@freebsd.org
> Subject: Re: Anyone running ntop on FBSD5.4
>
>
> Remco Bressers wrote:
> I had this same problem as well. Disabling ipv6 or tcp6 using the ntop
> flags found in the manual page (man 8 ntop) worked well for me.
>

Strange, it's already disabled in ports in the config.

# we currently disable IPv6
CONFIGURE_ARGS+=--disable-ipv6

Tried -4, still, when I go to Summary->Traffic page, when it finally
gets to bottom, it segv's

Gdb shows it in myrrd library.

Working with ntop people now to trace it down.
Looks like there has been a long history of failures with ntop going
back to 4.xx. Maybe it can finally be fixed.

From owner-freebsd-security@FreeBSD.ORG Wed Jun 14 09:27:26 2006
From: Alexander Leidinger
To: Forrest Aldrich
Cc: freebsd-security@freebsd.org
Date: Wed, 14 Jun 2006 11:26:09 +0200
Subject: Re: Kerberos5 / Heimdal

Quoting Forrest Aldrich (from Sun, 11 Jun 2006 12:37:17 -0400):

> I have FreeBSD-6.1 and it appears the default installation has a full
> complement of Kerberos5. But, /usr/src/kerberos5/README states:
>
> This subtree is world-exportable, as it does not contain any
> cryptographic code.
>
> At the time of writing, it did not even contain source code, only
> Makefiles and headers.
>
> Please maintain this "exportable" status quo.
>
> Thanks!
>
> MarkM
> markm@freebsd.org
> 20th Sept 1997
>
>
> I'm guessing the README is a bit out-of-date...

Yes, the USA changed the export restrictions and we're able to export
crypto code to the world.

> The HANDBOOK suggests more needs to be obtained from the
> security/heimdal port.

The port allows you to add support for LDAP, cracklib and builds X11
tools if desired.

> I see all the libraries in /usr/lib etc., so which is it... do we have
> a full install as a part of 6.1 or is the security/heimdal still needed
> to bring it up to speed.

If you don't need the above mentioned features, you don't need to
install the port.

Bye,
Alexander.

--
Selling GoodYear Eagle F1 235/40ZR18, 2x 4mm + 2x 5mm, ~150 EUR
you have to pick it up between Germany/Saarland and Luxembourg/Capellen
http://www.Leidinger.net  Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org     netchild @ FreeBSD.org  : PGP ID = 72077137

From owner-freebsd-security@FreeBSD.ORG Wed Jun 14 12:08:34 2006
From: des@des.no (Dag-Erling Smørgrav)
To: Forrest Aldrich
Cc: freebsd-security@freebsd.org
Date: Wed, 14 Jun 2006 14:08:28 +0200
Subject: Re: Kerberos5 / Heimdal

Forrest Aldrich writes:
> I see all the libraries in /usr/lib etc., so which is it... do we
> have a full install as a part of 6.1 or is the security/heimdal
> still needed to bring it up to speed.

kerberos5 contains only Makefiles; the source code itself is in
crypto/heimdal. This was originally done to make it easier to
separate exportable and non-exportable parts of the tree.

Since export controls are no longer an issue, the contents of crypto
should probably move into contrib, and the Makefiles in kerberos5 and
secure should be distributed in other parts of the tree (lib, usr.bin,
usr.sbin etc.). Doing so would be hard on the repo, though (it would
grow by approximately 100 MB, or about 7%, overnight).

DES
--
Dag-Erling Smørgrav - des@des.no

From owner-freebsd-security@FreeBSD.ORG Wed Jun 14 16:17:24 2006
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Reply-To: security-advisories@freebsd.org
Date: Wed, 14 Jun 2006 16:17:23 GMT
Subject: FreeBSD Security Advisory FreeBSD-SA-06:17.sendmail

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-06:17.sendmail                                   Security Advisory
                                                          The FreeBSD Project

Topic:          Incorrect multipart message handling in Sendmail

Category:       contrib
Module:         contrib_sendmail
Announced:      2006-06-14
Affects:        All FreeBSD releases.
Corrected:      2006-06-14 15:58:23 UTC (RELENG_6, 6.1-STABLE)
                2006-06-14 15:59:28 UTC (RELENG_6_1, 6.1-RELEASE-p2)
                2006-06-14 15:59:37 UTC (RELENG_6_0, 6.0-RELEASE-p9)
                2006-06-14 16:00:02 UTC (RELENG_5, 5.5-STABLE)
                2006-06-14 16:00:22 UTC (RELENG_5_5, 5.5-RELEASE-p2)
                2006-06-14 16:00:42 UTC (RELENG_5_4, 5.4-RELEASE-p16)
                2006-06-14 16:00:56 UTC (RELENG_5_3, 5.3-RELEASE-p31)
                2006-06-14 16:01:06 UTC (RELENG_4, 4.11-STABLE)
                2006-06-14 16:01:21 UTC (RELENG_4_11, 4.11-RELEASE-p19)
CVE Name:       CVE-2006-1173

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

FreeBSD includes sendmail(8), a general purpose internetwork mail
routing facility, as the default Mail Transfer Agent (MTA).

II.  Problem Description

A suitably malformed multipart MIME message can cause sendmail to exceed
predefined limits on its stack usage.

III. Impact

An attacker able to send mail to, or via, a server can cause queued
messages on the system to not be delivered, by causing the sendmail process
which handles queued messages to crash. Note that this will not stop new
messages from entering the queue (either from local processes, or incoming
via SMTP).

IV.  Workaround

No workaround is available, but systems which do not receive email from
untrusted sources are not vulnerable.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE,
or to the RELENG_6_1, RELENG_6_0, RELENG_5_5, RELENG_5_4, RELENG_5_3,
or RELENG_4_11 security branch dated after the correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 4.11, 5.3,
5.4, 5.5, 6.0, and 6.1 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-06:17/sendmail.patch
# fetch http://security.FreeBSD.org/patches/SA-06:17/sendmail.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/lib/libsm
# make obj && make depend && make
# cd /usr/src/lib/libsmutil
# make obj && make depend && make
# cd /usr/src/usr.sbin/sendmail
# make obj && make depend && make && make install

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch                                                           Revision
  Path
- -------------------------------------------------------------------------
RELENG_4
  src/contrib/sendmail/src/deliver.c                         1.1.1.3.2.24
  src/contrib/sendmail/src/mime.c                            1.1.1.3.2.14
  src/contrib/sendmail/src/sendmail.h                        1.1.1.4.2.31
RELENG_4_11
  src/UPDATING                                             1.73.2.91.2.19
  src/sys/conf/newvers.sh                                  1.44.2.39.2.22
  src/contrib/sendmail/src/deliver.c                     1.1.1.3.2.17.2.2
  src/contrib/sendmail/src/mime.c                         1.1.1.3.2.8.2.2
  src/contrib/sendmail/src/sendmail.h                    1.1.1.4.2.19.2.2
RELENG_5
  src/contrib/sendmail/src/deliver.c                         1.1.1.21.2.6
  src/contrib/sendmail/src/mime.c                            1.1.1.12.2.5
  src/contrib/sendmail/src/sendmail.h                        1.1.1.23.2.6
RELENG_5_5
  src/UPDATING                                             1.342.2.35.2.1
  src/sys/conf/newvers.sh                                   1.62.2.21.2.3
  src/contrib/sendmail/src/deliver.c                     1.1.1.21.2.4.2.1
  src/contrib/sendmail/src/mime.c                        1.1.1.12.2.3.2.1
  src/contrib/sendmail/src/sendmail.h                    1.1.1.23.2.4.2.1
RELENG_5_4
  src/UPDATING                                            1.342.2.24.2.24
  src/sys/conf/newvers.sh                                  1.62.2.18.2.20
  src/contrib/sendmail/src/deliver.c                     1.1.1.21.2.1.2.2
  src/contrib/sendmail/src/mime.c                        1.1.1.12.2.1.2.2
  src/contrib/sendmail/src/sendmail.h                    1.1.1.23.2.1.2.2
RELENG_5_3
  src/UPDATING                                            1.342.2.13.2.33
  src/sys/conf/newvers.sh                                  1.62.2.15.2.35
  src/contrib/sendmail/src/deliver.c                         1.1.1.21.4.2
  src/contrib/sendmail/src/mime.c                            1.1.1.12.4.2
  src/contrib/sendmail/src/sendmail.h                        1.1.1.23.4.2
RELENG_6
  src/contrib/sendmail/src/deliver.c                         1.1.1.23.2.3
  src/contrib/sendmail/src/mime.c                            1.1.1.13.2.3
  src/contrib/sendmail/src/sendmail.h                        1.1.1.26.2.3
RELENG_6_1
  src/UPDATING                                             1.416.2.22.2.3
  src/sys/conf/newvers.sh                                   1.69.2.11.2.3
  src/contrib/sendmail/src/deliver.c                     1.1.1.23.2.2.2.1
  src/contrib/sendmail/src/mime.c                        1.1.1.13.2.2.2.1
  src/contrib/sendmail/src/sendmail.h                    1.1.1.26.2.2.2.1
RELENG_6_0
  src/UPDATING                                             1.416.2.3.2.13
  src/sys/conf/newvers.sh                                    1.69.2.8.2.9
  src/contrib/sendmail/src/deliver.c                         1.1.1.23.4.2
  src/contrib/sendmail/src/mime.c                            1.1.1.13.4.2
  src/contrib/sendmail/src/sendmail.h                        1.1.1.26.4.2
- -------------------------------------------------------------------------

VII. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173

The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-06:17.sendmail.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (FreeBSD)

iD8DBQFEkDVJFdaIBMps37IRAqUCAJwKg8UZ2a5oO9XLXpPwgsBi+YdQcACgj2IY
D5jN+o1IfjomEK4IIY+xiR8=
=t7Wz
-----END PGP SIGNATURE-----
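
Added example, not part of the advisory or of FreeBSD's tooling: a shell check of a source file's CVS revision against the corrected revisions listed in section VI of FreeBSD-SA-06:17.sendmail. The function names and the sample CVS/Entries lines are constructed for illustration, and reading the local revision from CVS/Entries assumes the tree is a CVS checkout.

```sh
#!/bin/sh
# Added example: is a checked-out sendmail source file at or past the
# revision that section VI of FreeBSD-SA-06:17.sendmail lists as corrected?

# Corrected revisions copied from the advisory's table, one branch per line.
# Columns: branch deliver.c mime.c sendmail.h (under src/contrib/sendmail/src/)
FIXED='RELENG_4 1.1.1.3.2.24 1.1.1.3.2.14 1.1.1.4.2.31
RELENG_4_11 1.1.1.3.2.17.2.2 1.1.1.3.2.8.2.2 1.1.1.4.2.19.2.2
RELENG_5 1.1.1.21.2.6 1.1.1.12.2.5 1.1.1.23.2.6
RELENG_5_5 1.1.1.21.2.4.2.1 1.1.1.12.2.3.2.1 1.1.1.23.2.4.2.1
RELENG_5_4 1.1.1.21.2.1.2.2 1.1.1.12.2.1.2.2 1.1.1.23.2.1.2.2
RELENG_5_3 1.1.1.21.4.2 1.1.1.12.4.2 1.1.1.23.4.2
RELENG_6 1.1.1.23.2.3 1.1.1.13.2.3 1.1.1.26.2.3
RELENG_6_1 1.1.1.23.2.2.2.1 1.1.1.13.2.2.2.1 1.1.1.26.2.2.2.1
RELENG_6_0 1.1.1.23.4.2 1.1.1.13.4.2 1.1.1.26.4.2'

# fixed_rev BRANCH FILE: print the corrected revision; fail if not listed.
fixed_rev() {
    printf '%s\n' "$FIXED" | awk -v b="$1" -v f="$2" '
        BEGIN { col["deliver.c"] = 2; col["mime.c"] = 3; col["sendmail.h"] = 4 }
        $1 == b && (f in col) { print $(col[f]); found = 1 }
        END { exit !found }'
}

# rev_status LOCAL FIXED: print patched, unpatched, other-branch or invalid.
# Revisions on one CVS branch differ only in their last component, so only
# that component is ordered. A different prefix means a different branch
# (or the branch point itself) and cannot be ranked by this rule.
rev_status() {
    for r in "$1" "$2"; do
        case $r in ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return ;; esac
    done
    [ "${1%.*}" = "${2%.*}" ] || { echo other-branch; return; }
    if [ "${1##*.}" -ge "${2##*.}" ]; then echo patched; else echo unpatched; fi
}

# check_entry BRANCH ENTRIES_LINE: print "file local fixed status".
# ENTRIES_LINE has the CVS/Entries layout /name/revision/timestamp/options/tag.
check_entry() {
    file=$(printf '%s\n' "$2" | cut -d/ -f2)
    have=$(printf '%s\n' "$2" | cut -d/ -f3)
    want=$(fixed_rev "$1" "$file") || { echo "$file $have - not-listed"; return; }
    echo "$file $have $want $(rev_status "$have" "$want")"
}

# Constructed CVS/Entries lines, not taken from a real checkout.
check_entry RELENG_4 '/mime.c/1.1.1.3.2.13/Tue Jan 10 00:00:00 2006//TRELENG_4'
check_entry RELENG_6_1 '/deliver.c/1.1.1.23.2.2.2.1/Wed Jun 14 16:00:00 2006//TRELENG_6_1'
```

A result of other-branch means the local file is not on the branch named in the first argument, so the comparison has to be repeated against the correct branch's row.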