From owner-freebsd-security@FreeBSD.ORG Wed Mar 22 16:11:24 2006
Date: Wed, 22 Mar 2006 16:11:23 GMT
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-06:11.ipsec

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-06:11.ipsec                                      Security Advisory
                                                          The FreeBSD Project

Topic:          IPsec replay attack vulnerability

Category:       core
Module:         sys_netipsec
Announced:      2006-03-22
Credits:        Pawel Jakub Dawidek
Affects:        All FreeBSD releases since 4.8-RELEASE
Corrected:      2006-03-22 16:01:08 UTC (RELENG_6, 6.1-STABLE)
                2006-03-22 16:01:38 UTC (RELENG_6_0, 6.0-RELEASE-p6)
                2006-03-22 16:01:56 UTC (RELENG_5, 5.5-STABLE)
                2006-03-22 16:02:17 UTC (RELENG_5_4, 5.4-RELEASE-p13)
                2006-03-22 16:02:35 UTC (RELENG_5_3, 5.3-RELEASE-p28)
                2006-03-22 16:02:49 UTC (RELENG_4, 4.11-STABLE)
                2006-03-22 16:03:05 UTC (RELENG_4_11, 4.11-RELEASE-p16)
                2006-03-22 16:03:25 UTC (RELENG_4_10, 4.10-RELEASE-p22)
CVE Name:       CVE-2006-0905

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

IPsec is a set of protocols, including ESP (Encapsulating Security
Payload) and AH (Authentication Header), that provide security services
for IP datagrams.  ESP protects IP payloads from wire-tapping by
encrypting them using secret key cryptography algorithms.  AH guarantees
the integrity of IP packets and protects them from intermediate
alteration or impersonation by attaching a cryptographic checksum
computed using one-way hash functions.

II.  Problem Description

IPsec provides an anti-replay service which when enabled prevents an
attacker from successfully executing a replay attack.  This is done
through the verification of sequence numbers.  A programming error in the
fast_ipsec(4) implementation results in the sequence number associated
with a Security Association not being updated, allowing packets to
unconditionally pass sequence number verification checks.

III. Impact

An attacker able to intercept IPSec packets can replay them.  If higher
level protocols which do not provide any protection against packet
replays (e.g., UDP) are used, this may have a variety of effects.

IV.  Workaround

No workaround is available.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE,
or to the RELENG_6_0, RELENG_5_4, RELENG_5_3, RELENG_4_11, or
RELENG_4_10 security branch dated after the correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 4.10,
4.11, 5.3, 5.4, and 6.0 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch.asc

b) Apply the patch.

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch                                    Revision
  Path
- -------------------------------------------------------------------------
RELENG_4
  src/sys/netipsec/xform_esp.c            1.2.2.4
RELENG_4_11
  src/UPDATING                            1.73.2.91.2.17
  src/sys/conf/newvers.sh                 1.44.2.39.2.20
  src/sys/netipsec/xform_esp.c            1.2.2.3.6.1
RELENG_4_10
  src/UPDATING                            1.73.2.90.2.23
  src/sys/conf/newvers.sh                 1.33.2.34.2.24
  src/sys/netipsec/xform_esp.c            1.2.2.3.4.1
RELENG_5
  src/sys/netipsec/xform_esp.c            1.9.2.2
RELENG_5_4
  src/UPDATING                            1.342.2.24.2.22
  src/sys/conf/newvers.sh                 1.62.2.18.2.18
  src/sys/netipsec/xform_esp.c            1.9.2.1.2.1
RELENG_5_3
  src/UPDATING                            1.342.2.13.2.31
  src/sys/conf/newvers.sh                 1.62.2.15.2.33
  src/sys/netipsec/xform_esp.c            1.9.4.1
RELENG_6
  src/sys/netipsec/xform_esp.c            1.10.2.1
RELENG_6_0
  src/UPDATING                            1.416.2.3.2.11
  src/sys/conf/newvers.sh                 1.69.2.8.2.7
  src/sys/netipsec/xform_esp.c            1.10.4.1
- -------------------------------------------------------------------------

VII. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0905

The latest revision of this advisory is available at
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:11.ipsec.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (FreeBSD)

iD8DBQFEIXZEFdaIBMps37IRAuqlAJ9ri+xFH1TGs96vNt788uo6plbu1ACcDau4
dm/4Df3zy7GguI+Ekp/hHuQ=
=+iZv
-----END PGP SIGNATURE-----
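
The sequence-number verification described in section II of FreeBSD-SA-06:11.ipsec, as an added example; this is not code from fast_ipsec(4) or from the advisory. The 64-packet window, the function names and the sample sequence numbers are assumptions made for the example, and the update_after_accept flag models the advisory's description of a sequence number that is never updated.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define REPLAY_WINDOW 64u   /* window size assumed for this example */

struct replay_state {
    uint32_t last_seq;      /* highest sequence number accepted so far */
    uint64_t bitmap;        /* bit i set: (last_seq - i) was already seen */
};

/* Verification step: may this sequence number be accepted? Read-only. */
static bool replay_check(const struct replay_state *rs, uint32_t seq)
{
    uint32_t diff;

    if (seq == 0)
        return false;               /* 0 is never a valid sequence number */
    if (seq > rs->last_seq)
        return true;                /* newer than anything seen so far */
    diff = rs->last_seq - seq;
    if (diff >= REPLAY_WINDOW)
        return false;               /* older than the window: reject */
    return (rs->bitmap & (UINT64_C(1) << diff)) == 0;  /* reject if seen */
}

/* Update step: record seq as seen. Verification is only meaningful if
 * this runs for every packet that was accepted and authenticated. */
static void replay_update(struct replay_state *rs, uint32_t seq)
{
    if (seq > rs->last_seq) {
        uint32_t shift = seq - rs->last_seq;

        rs->bitmap = (shift >= REPLAY_WINDOW) ? 0 : rs->bitmap << shift;
        rs->bitmap |= 1;            /* bit 0 is the new last_seq */
        rs->last_seq = seq;
    } else {
        uint32_t diff = rs->last_seq - seq;

        if (diff < REPLAY_WINDOW)
            rs->bitmap |= UINT64_C(1) << diff;
    }
}

/* Constructed sample: 1,2,3,5,4 are fresh; the second 2 and 5 and the
 * trailing 1 and 3 are replays of packets already received. */
static const uint32_t sample_stream[] = {1, 2, 3, 2, 5, 4, 5, 1, 3};
#define SAMPLE_LEN (sizeof(sample_stream) / sizeof(sample_stream[0]))

/* Run a stream through a fresh SA and count accepted packets.
 * update_after_accept == false reproduces the failure mode the advisory
 * describes: state never changes, so every check compares against 0. */
size_t receive_stream(const uint32_t *seqs, size_t n, bool update_after_accept)
{
    struct replay_state rs = {0, 0};
    size_t accepted = 0;
    size_t i;

    for (i = 0; i < n; i++) {
        if (!replay_check(&rs, seqs[i]))
            continue;               /* replayed or too old: drop */
        /* packet authentication (ICV check) would happen here */
        if (update_after_accept)
            replay_update(&rs, seqs[i]);
        accepted++;
    }
    return accepted;
}

int main(void)
{
    printf("with update:    %zu of %zu accepted\n",
           receive_stream(sample_stream, SAMPLE_LEN, true), SAMPLE_LEN);
    printf("without update: %zu of %zu accepted\n",
           receive_stream(sample_stream, SAMPLE_LEN, false), SAMPLE_LEN);
    return 0;
}
```

With the update step in place only the five fresh packets are accepted; without it all nine pass, replays included.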
From owner-freebsd-security@FreeBSD.ORG Wed Mar 22 16:11:30 2006
Date: Wed, 22 Mar 2006 16:11:27 GMT
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-06:12.opie

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-06:12.opie                                       Security Advisory
                                                          The FreeBSD Project

Topic:          OPIE arbitrary password change

Category:       contrib
Module:         contrib_opie
Announced:      2006-03-22
Credits:        Mykola Zubach
Affects:        All FreeBSD releases.
Corrected:      2006-03-22 16:01:08 UTC (RELENG_6, 6.1-STABLE)
                2006-03-22 16:01:38 UTC (RELENG_6_0, 6.0-RELEASE-p6)
                2006-03-22 16:01:56 UTC (RELENG_5, 5.5-STABLE)
                2006-03-22 16:02:17 UTC (RELENG_5_4, 5.4-RELEASE-p13)
                2006-03-22 16:02:35 UTC (RELENG_5_3, 5.3-RELEASE-p28)
                2006-03-22 16:02:49 UTC (RELENG_4, 4.11-STABLE)
                2006-03-22 16:03:05 UTC (RELENG_4_11, 4.11-RELEASE-p16)
                2006-03-22 16:03:25 UTC (RELENG_4_10, 4.10-RELEASE-p22)
CVE Name:       CVE-2006-1283

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

OPIE is a one-time password system designed to help to secure a system
against replay attacks.  It does so using a secure hash function and a
challenge/response system.  The opiepasswd(1) program is used to set up
OPIE authentication for a user.  OPIE is enabled by default on FreeBSD
through PAM.

II.  Problem Description

The opiepasswd(1) program uses getlogin(2) to identify the user calling
opiepasswd(1).  In some circumstances getlogin(2) will return "root" even
when running as an unprivileged user.  This causes opiepasswd(1) to allow
an unprivileged user to configure OPIE authentication for the root user.

III. Impact

In certain cases an attacker able to run commands as non-privileged
users which have not explicitly logged in, for example CGI scripts run by
a web server, is able to configure OPIE access for the root user.  If the
attacker is able to authenticate as root using OPIE authentication, for
example if "PermitRootLogin" is set to "yes" in sshd_config or the
attacker has access to a local user in the "wheel" group, the attacker
can gain root privileges.

IV.  Workaround

Disable OPIE authentication in PAM:

# sed -i "" -e /opie/s/^/#/ /etc/pam.d/*

or

Remove the setuid bit from opiepasswd:

# chflags noschg /usr/bin/opiepasswd
# chmod 555 /usr/bin/opiepasswd
# chflags schg /usr/bin/opiepasswd

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE,
or to the RELENG_6_0, RELENG_5_4, RELENG_5_3, RELENG_4_11, or
RELENG_4_10 security branch dated after the correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 4.10,
4.11, 5.3, 5.4, and 6.0 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:12/opie.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:12/opie.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/usr.bin/opiepasswd
# make obj && make depend && make && make install

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch                                    Revision
  Path
- -------------------------------------------------------------------------
RELENG_4
  src/contrib/opie/opiepasswd.c           1.1.1.2.6.4
RELENG_4_11
  src/UPDATING                            1.73.2.91.2.17
  src/sys/conf/newvers.sh                 1.44.2.39.2.20
  src/contrib/opie/opiepasswd.c           1.1.1.2.6.3.10.1
RELENG_4_10
  src/UPDATING                            1.73.2.90.2.23
  src/sys/conf/newvers.sh                 1.33.2.34.2.24
  src/contrib/opie/opiepasswd.c           1.1.1.2.6.3.8.1
RELENG_5
  src/contrib/opie/opiepasswd.c           1.3.8.1
RELENG_5_4
  src/UPDATING                            1.342.2.24.2.22
  src/sys/conf/newvers.sh                 1.62.2.18.2.18
  src/contrib/opie/opiepasswd.c           1.3.12.1
RELENG_5_3
  src/UPDATING                            1.342.2.13.2.31
  src/sys/conf/newvers.sh                 1.62.2.15.2.33
  src/contrib/opie/opiepasswd.c           1.3.10.1
RELENG_6
  src/contrib/opie/opiepasswd.c           1.3.14.1
RELENG_6_0
  src/UPDATING                            1.416.2.3.2.11
  src/sys/conf/newvers.sh                 1.69.2.8.2.7
  src/contrib/opie/opiepasswd.c           1.3.16.1
- -------------------------------------------------------------------------

VII. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1283

The latest revision of this advisory is available at
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:12.opie.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (FreeBSD)

iD8DBQFEIXZNFdaIBMps37IRAoChAJ9ZFa+7jKF11vpUOKxmh8FqcG3EXgCfYOqj
/M5ncIaa4gs6P9wihbZ1vZc=
=fccv
-----END PGP SIGNATURE-----
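
The identification problem described in section II of FreeBSD-SA-06:12.opie, as an added example; it is a simplified model, not code from opiepasswd(1) or from the FreeBSD patch. The function names and the "root may configure any account" policy are assumptions made for the example. It contrasts a decision based on the session login name (what getlogin(2) reports) with one based on the real UID of the calling process.

```c
#include <pwd.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Pattern the advisory describes: the caller is identified by the login
 * name recorded for the session. That name is not a credential of the
 * calling process, so it can read "root" while the process runs as an
 * unprivileged user.
 */
bool allowed_by_login_name(const char *session_login, const char *target)
{
    if (session_login == NULL)
        return false;
    /* assumed policy: root may configure any account, others only their own */
    return strcmp(session_login, "root") == 0 ||
           strcmp(session_login, target) == 0;
}

/*
 * Hardened form: decide from the real UID. In a setuid program the real
 * UID is still that of the invoking user, whatever the session name says.
 */
bool allowed_by_real_uid(uid_t real_uid, const char *target)
{
    const struct passwd *pw;

    if (real_uid == 0)
        return true;
    pw = getpwnam(target);
    return pw != NULL && pw->pw_uid == real_uid;
}

/*
 * Audit helper: true when a session login name is present but does not
 * resolve to the real UID, i.e. the two identity sources disagree.
 */
bool identity_mismatch(const char *session_login, uid_t real_uid)
{
    const struct passwd *pw;

    if (session_login == NULL)
        return false;               /* no session name to compare */
    pw = getpwnam(session_login);
    return pw == NULL || pw->pw_uid != real_uid;
}

int main(void)
{
    const char *login = getlogin();  /* session attribute, may be NULL */
    uid_t uid = getuid();            /* real UID of this process */

    printf("getlogin(): %s, getuid(): %lu\n",
           login ? login : "(none)", (unsigned long)uid);
    printf("identity sources disagree: %s\n",
           identity_mismatch(login, uid) ? "yes" : "no");
    printf("may configure root (by login name): %s\n",
           allowed_by_login_name(login, "root") ? "yes" : "no");
    printf("may configure root (by real UID):   %s\n",
           allowed_by_real_uid(uid, "root") ? "yes" : "no");
    return 0;
}
```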
From owner-freebsd-security@FreeBSD.ORG Wed Mar 22 16:11:33 2006
Date: Wed, 22 Mar 2006 16:11:31 GMT
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-06:13.sendmail                                   Security Advisory
                                                          The FreeBSD Project

Topic:          Race condition in sendmail

Category:       contrib
Module:         contrib_sendmail
Announced:      2006-03-22
Affects:        All FreeBSD releases.
Corrected:      2006-03-22 16:01:08 UTC (RELENG_6, 6.1-STABLE)
                2006-03-22 16:01:38 UTC (RELENG_6_0, 6.0-RELEASE-p6)
                2006-03-22 16:01:56 UTC (RELENG_5, 5.5-STABLE)
                2006-03-22 16:02:17 UTC (RELENG_5_4, 5.4-RELEASE-p13)
                2006-03-22 16:02:35 UTC (RELENG_5_3, 5.3-RELEASE-p28)
                2006-03-22 16:02:49 UTC (RELENG_4, 4.11-STABLE)
                2006-03-22 16:03:05 UTC (RELENG_4_11, 4.11-RELEASE-p16)
                2006-03-22 16:03:25 UTC (RELENG_4_10, 4.10-RELEASE-p22)
CVE Name:       CVE-2006-0058

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

NOTE: The issue discussed in this advisory was reported to the FreeBSD
Security Team, and the patch which corrects it was supplied, by the
Sendmail Consortium via CERT.  Due to the limited information available
concerning the nature of the vulnerability, the FreeBSD Security Team
has not been able to evaluate the effectiveness of the fixes, nor the
possibility of other workarounds.

I.   Background

FreeBSD includes sendmail(8), a general purpose internetwork mail
routing facility, as the default Mail Transfer Agent (MTA).

II.  Problem Description

A race condition has been reported to exist in the handling by sendmail
of asynchronous signals.

III. Impact

A remote attacker may be able to execute arbitrary code with the
privileges of the user running sendmail, typically root.

IV.  Workaround

There is no known workaround other than disabling sendmail.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE,
or to the RELENG_6_0, RELENG_5_4, RELENG_5_3, RELENG_4_11, or
RELENG_4_10 security branch dated after the correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 4.10,
4.11, 5.3, 5.4, and 6.0 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 4.10]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail410.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail410.patch.asc

[FreeBSD 4.11 and FreeBSD 5.3]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail411.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail411.patch.asc

[FreeBSD 5.4, and FreeBSD 6.x]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/lib/libsm
# make obj && make depend && make
# cd /usr/src/lib/libsmutil
# make obj && make depend && make
# cd /usr/src/usr.sbin/sendmail
# make obj && make depend && make && make install

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch                                    Revision
  Path
- -------------------------------------------------------------------------
RELENG_4
  src/contrib/sendmail/libsm/fflush.c     1.1.1.1.2.1
  src/contrib/sendmail/libsm/local.h      1.1.1.1.2.6
  src/contrib/sendmail/libsm/refill.c     1.1.1.1.2.4
  src/contrib/sendmail/src/collect.c      1.1.1.4.2.17
  src/contrib/sendmail/src/conf.c         1.5.2.20
  src/contrib/sendmail/src/deliver.c      1.1.1.3.2.20
  src/contrib/sendmail/src/headers.c      1.4.2.16
  src/contrib/sendmail/src/mime.c         1.1.1.3.2.10
  src/contrib/sendmail/src/parseaddr.c    1.1.1.2.6.20
  src/contrib/sendmail/src/savemail.c     1.4.2.13
  src/contrib/sendmail/src/sendmail.h     1.1.1.4.2.22
  src/contrib/sendmail/src/sfsasl.c       1.1.1.1.2.16
  src/contrib/sendmail/src/sfsasl.h       1.1.1.1.2.3
  src/contrib/sendmail/src/srvrsmtp.c     1.1.1.2.6.20
  src/contrib/sendmail/src/usersmtp.c     1.1.1.3.2.17
  src/contrib/sendmail/src/util.c         1.1.1.3.2.15
RELENG_4_11
  src/contrib/sendmail/libsm/fflush.c     1.1.1.1.2.1.12.1
  src/contrib/sendmail/libsm/local.h      1.1.1.1.2.5.2.1
  src/contrib/sendmail/libsm/refill.c     1.1.1.1.2.3.2.1
  src/contrib/sendmail/src/collect.c      1.1.1.4.2.14.2.1
  src/contrib/sendmail/src/conf.c         1.5.2.17.2.1
  src/contrib/sendmail/src/deliver.c      1.1.1.3.2.17.2.1
  src/contrib/sendmail/src/headers.c      1.4.2.14.2.1
  src/contrib/sendmail/src/mime.c         1.1.1.3.2.8.2.1
  src/contrib/sendmail/src/parseaddr.c    1.1.1.2.6.17.2.1
  src/contrib/sendmail/src/savemail.c     1.4.2.11.2.1
  src/contrib/sendmail/src/sendmail.h     1.1.1.4.2.19.2.1
  src/contrib/sendmail/src/sfsasl.c       1.1.1.1.2.14.2.1
  src/contrib/sendmail/src/sfsasl.h       1.1.1.1.2.2.12.1
  src/contrib/sendmail/src/srvrsmtp.c     1.1.1.2.6.17.2.1
  src/contrib/sendmail/src/usersmtp.c     1.1.1.3.2.14.2.1
  src/contrib/sendmail/src/util.c         1.1.1.3.2.13.2.1
  src/UPDATING                            1.73.2.91.2.17
  src/sys/conf/newvers.sh                 1.44.2.39.2.20
RELENG_4_10
  src/contrib/sendmail/libsm/fflush.c     1.1.1.1.2.1.10.1
  src/contrib/sendmail/libsm/local.h      1.1.1.1.2.4.2.1
  src/contrib/sendmail/libsm/refill.c     1.1.1.1.2.2.6.1
  src/contrib/sendmail/src/collect.c      1.1.1.4.2.13.2.1
  src/contrib/sendmail/src/conf.c         1.5.2.16.2.1
  src/contrib/sendmail/src/deliver.c      1.1.1.3.2.16.2.1
  src/contrib/sendmail/src/headers.c      1.4.2.13.2.1
  src/contrib/sendmail/src/mime.c         1.1.1.3.2.7.2.1
  src/contrib/sendmail/src/parseaddr.c    1.1.1.2.6.16.2.1
  src/contrib/sendmail/src/savemail.c     1.4.2.10.6.1
  src/contrib/sendmail/src/sendmail.h     1.1.1.4.2.18.2.1
  src/contrib/sendmail/src/sfsasl.c       1.1.1.1.2.13.2.1
  src/contrib/sendmail/src/sfsasl.h       1.1.1.1.2.2.10.1
  src/contrib/sendmail/src/srvrsmtp.c     1.1.1.2.6.16.2.1
  src/contrib/sendmail/src/usersmtp.c     1.1.1.3.2.13.2.1
  src/contrib/sendmail/src/util.c         1.1.1.3.2.12.2.1
  src/UPDATING                            1.73.2.90.2.23
  src/sys/conf/newvers.sh                 1.33.2.34.2.24
RELENG_5
  src/contrib/sendmail/libsm/fflush.c     1.1.1.3.8.1
  src/contrib/sendmail/libsm/local.h      1.1.1.7.2.1
  src/contrib/sendmail/libsm/refill.c     1.1.1.5.2.1
  src/contrib/sendmail/src/collect.c      1.1.1.19.2.3
  src/contrib/sendmail/src/conf.c         1.26.2.3
  src/contrib/sendmail/src/deliver.c      1.1.1.21.2.3
  src/contrib/sendmail/src/headers.c      1.20.2.2
  src/contrib/sendmail/src/mime.c         1.1.1.12.2.2
  src/contrib/sendmail/src/parseaddr.c    1.1.1.20.2.3
  src/contrib/sendmail/src/savemail.c     1.16.2.2
  src/contrib/sendmail/src/sendmail.h     1.1.1.23.2.3
  src/contrib/sendmail/src/sfsasl.c       1.1.1.14.2.2
  src/contrib/sendmail/src/sfsasl.h       1.1.1.4.8.1
  src/contrib/sendmail/src/srvrsmtp.c     1.1.1.20.2.3
  src/contrib/sendmail/src/usersmtp.c     1.1.1.18.2.3
  src/contrib/sendmail/src/util.c         1.1.1.17.2.2
RELENG_5_4
  src/contrib/sendmail/libsm/fflush.c     1.1.1.3.12.1
  src/contrib/sendmail/libsm/local.h      1.1.1.7.6.1
  src/contrib/sendmail/libsm/refill.c     1.1.1.5.6.1
  src/contrib/sendmail/src/collect.c      1.1.1.19.2.1.2.1
  src/contrib/sendmail/src/conf.c         1.26.2.1.2.1
  src/contrib/sendmail/src/deliver.c      1.1.1.21.2.1.2.1
  src/contrib/sendmail/src/headers.c      1.20.2.1.2.1
  src/contrib/sendmail/src/mime.c         1.1.1.12.2.1.2.1
  src/contrib/sendmail/src/parseaddr.c    1.1.1.20.2.1.2.1
  src/contrib/sendmail/src/savemail.c     1.16.2.1.2.1
  src/contrib/sendmail/src/sendmail.h     1.1.1.23.2.1.2.1
  src/contrib/sendmail/src/sfsasl.c       1.1.1.14.2.1.2.1
  src/contrib/sendmail/src/sfsasl.h       1.1.1.4.12.1
  src/contrib/sendmail/src/srvrsmtp.c     1.1.1.20.2.1.2.1
  src/contrib/sendmail/src/usersmtp.c     1.1.1.18.2.1.2.1
  src/contrib/sendmail/src/util.c         1.1.1.17.2.1.2.1
  src/UPDATING                            1.342.2.24.2.22
  src/sys/conf/newvers.sh                 1.62.2.18.2.18
RELENG_5_3
  src/contrib/sendmail/libsm/fflush.c     1.1.1.3.10.1
  src/contrib/sendmail/libsm/local.h      1.1.1.7.4.1
  src/contrib/sendmail/libsm/refill.c     1.1.1.5.4.1
  src/contrib/sendmail/src/collect.c      1.1.1.19.4.1
  src/contrib/sendmail/src/conf.c         1.26.4.1
  src/contrib/sendmail/src/deliver.c      1.1.1.21.4.1
  src/contrib/sendmail/src/headers.c      1.20.4.1
  src/contrib/sendmail/src/mime.c         1.1.1.12.4.1
  src/contrib/sendmail/src/parseaddr.c    1.1.1.20.4.1
  src/contrib/sendmail/src/savemail.c     1.16.4.1
  src/contrib/sendmail/src/sendmail.h     1.1.1.23.4.1
  src/contrib/sendmail/src/sfsasl.c       1.1.1.14.4.1
  src/contrib/sendmail/src/sfsasl.h       1.1.1.4.10.1
  src/contrib/sendmail/src/srvrsmtp.c     1.1.1.20.4.1
  src/contrib/sendmail/src/usersmtp.c     1.1.1.18.4.1
  src/contrib/sendmail/src/util.c         1.1.1.17.4.1
  src/UPDATING                            1.342.2.13.2.31
  src/sys/conf/newvers.sh                 1.62.2.15.2.33
RELENG_6
  src/contrib/sendmail/libsm/fflush.c     1.1.1.3.14.1
  src/contrib/sendmail/libsm/local.h      1.1.1.7.8.1
  src/contrib/sendmail/libsm/refill.c     1.1.1.5.8.1
  src/contrib/sendmail/src/collect.c      1.1.1.21.2.1
  src/contrib/sendmail/src/conf.c         1.28.2.1
  src/contrib/sendmail/src/deliver.c      1.1.1.23.2.1
  src/contrib/sendmail/src/headers.c      1.21.2.1
  src/contrib/sendmail/src/mime.c         1.1.1.13.2.1
  src/contrib/sendmail/src/parseaddr.c    1.1.1.22.2.1
  src/contrib/sendmail/src/savemail.c     1.17.2.1
  src/contrib/sendmail/src/sendmail.h     1.1.1.26.2.1
  src/contrib/sendmail/src/sfsasl.c       1.1.1.15.2.1
  src/contrib/sendmail/src/sfsasl.h       1.1.1.4.14.1
  src/contrib/sendmail/src/srvrsmtp.c     1.1.1.22.2.1
  src/contrib/sendmail/src/usersmtp.c     1.1.1.21.2.1
  src/contrib/sendmail/src/util.c         1.1.1.18.2.1
RELENG_6_0
  src/contrib/sendmail/libsm/fflush.c     1.1.1.3.16.1
  src/contrib/sendmail/libsm/local.h      1.1.1.7.10.1
  src/contrib/sendmail/libsm/refill.c     1.1.1.5.10.1
  src/contrib/sendmail/src/collect.c      1.1.1.21.4.1
  src/contrib/sendmail/src/conf.c         1.28.4.1
  src/contrib/sendmail/src/deliver.c      1.1.1.23.4.1
  src/contrib/sendmail/src/headers.c      1.21.4.1
  src/contrib/sendmail/src/mime.c         1.1.1.13.4.1
  src/contrib/sendmail/src/parseaddr.c    1.1.1.22.4.1
  src/contrib/sendmail/src/savemail.c     1.17.4.1
  src/contrib/sendmail/src/sendmail.h     1.1.1.26.4.1
  src/contrib/sendmail/src/sfsasl.c       1.1.1.15.4.1
  src/contrib/sendmail/src/sfsasl.h       1.1.1.4.16.1
  src/contrib/sendmail/src/srvrsmtp.c     1.1.1.22.4.1
  src/contrib/sendmail/src/usersmtp.c     1.1.1.21.4.1
  src/contrib/sendmail/src/util.c         1.1.1.18.4.1
  src/UPDATING                            1.416.2.3.2.11
  src/sys/conf/newvers.sh                 1.69.2.8.2.7
- -------------------------------------------------------------------------

VII. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058

The latest revision of this advisory is available at
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:13.sendmail.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (FreeBSD)

iD8DBQFEIXZWFdaIBMps37IRAldYAJ9nd+wQMJlQObUuio5tBEFwD0ULwwCbB2eI
u3JkyVwHx4WOgmZkg9QKang=
=d3RW
-----END PGP SIGNATURE-----

From owner-freebsd-security@FreeBSD.ORG Wed Mar 22 17:50:44 2006
Date: Wed, 22 Mar 2006 09:50:42 -0800
From: Colin Percival
To: David Kirchner
Cc: freebsd-security@freebsd.org, FreeBSD Questions
Subject: Re: sendmail patches

David Kirchner wrote:
> The patches listed in the recent advisory about sendmail don't
> currently exist on the FTP server. Does this mean:
>
> a) They're just not there yet.
>
> b) They were there, but they were taken down because of some problem with them.

They're just not there yet.  ftp.freebsd.org mirrors from
ftp-master.freebsd.org; the files are on ftp-master, but they apparently
haven't been mirrored yet.

Colin Percival

From owner-freebsd-security@FreeBSD.ORG Wed Mar 22 18:42:38 2006
Date: Wed, 22 Mar 2006 13:40:32 -0500
From: Mike Tancsa
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail

Hi,
The patches apply cleanly on RELENG_4, but sendmail does not compile
properly using
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail411.patch

# cd /usr/src/usr.sbin/sendmail
# make obj && make depend && make && make install
rm -f .depend
mkdep -f .depend -a -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I. -DNEWDB -DNIS -DMILTER -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -D_FFR_TLS_1 -D_FFR_DEAL_WITH_ERROR_SSL /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/alias.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/arpadate.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/bf.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/collect.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/conf.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/control.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/convtime.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/daemon.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/deliver.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/domain.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/envelope.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/err.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/headers.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/macro.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/main.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/map.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/mci.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/milter.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/mime.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/parseaddr.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/queue.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/ratectrl.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/readcf.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/recipient.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/savemail.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/sasl.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/sfsasl.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/shmticklib.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/sm_resolve.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/srvrsmtp.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/stab.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/stats.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/sysexits.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/timers.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/tls.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/trace.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/udb.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/usersmtp.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/util.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/version.c
echo sendmail: /usr/lib/libc.a /usr/lib/libutil.a /usr/lib/libwrap.a /usr/obj/usr/src/usr.sbin/sendmail/../../lib/libsmutil/libsmutil.a /usr/obj/usr/src/usr.sbin/sendmail/../../lib/libsm/libsm.a /usr/lib/libssl.a /usr/lib/libcrypto.a >> .depend
cc -O -pipe -march=pentiumpro -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I. -DNEWDB -DNIS -DMILTER -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -D_FFR_TLS_1 -D_FFR_DEAL_WITH_ERROR_SSL -c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/alias.c
cc -O -pipe -march=pentiumpro -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I. -DNEWDB -DNIS -DMILTER -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -D_FFR_TLS_1 -D_FFR_DEAL_WITH_ERROR_SSL -c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/arpadate.c
cc -O -pipe -march=pentiumpro -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I. -DNEWDB -DNIS -DMILTER -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -D_FFR_TLS_1 -D_FFR_DEAL_WITH_ERROR_SSL -c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/bf.c
cc -O -pipe -march=pentiumpro -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I. -DNEWDB -DNIS -DMILTER -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -D_FFR_TLS_1 -D_FFR_DEAL_WITH_ERROR_SSL -c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/collect.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/collect.c: In function `collecttimeout':
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/collect.c:941: `CollectProgress' undeclared (first use in this function)
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/collect.c:941: (Each undeclared identifier is reported only once
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/collect.c:941: for each function it appears in.)
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/collect.c:944: `CollectTimeout' undeclared (first use in this function)
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/collect.c:958: `CtxCollectTimeout' undeclared (first use in this function)
*** Error code 1

Stop in /usr/src/usr.sbin/sendmail.

This is on 4.11-STABLE
FreeBSD 4.11-STABLE #0: Mon Feb 13 17:36:36 EST 2006

---Mike

At 11:11 AM 22/03/2006, FreeBSD Security Advisories wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>=============================================================================
>FreeBSD-SA-06:13.sendmail                                   Security Advisory
>                                                           The FreeBSD Project
>
>Topic:          Race condition in sendmail
>
>Category:       contrib
>Module:         contrib_sendmail
>Announced:      2006-03-22
>Affects:        All FreeBSD releases.
>Corrected: 2006-03-22 16:01:08 UTC (RELENG_6, 6.1-STABLE)
> 2006-03-22 16:01:38 UTC (RELENG_6_0, 6.0-RELEASE-p6)
> 2006-03-22 16:01:56 UTC (RELENG_5, 5.5-STABLE)
> 2006-03-22 16:02:17 UTC (RELENG_5_4, 5.4-RELEASE-p13)
> 2006-03-22 16:02:35 UTC (RELENG_5_3, 5.3-RELEASE-p28)
> 2006-03-22 16:02:49 UTC (RELENG_4, 4.11-STABLE)
> 2006-03-22 16:03:05 UTC (RELENG_4_11, 4.11-RELEASE-p16)
> 2006-03-22 16:03:25 UTC (RELENG_4_10, 4.10-RELEASE-p22)
>CVE Name: CVE-2006-0058
>
>For general information regarding FreeBSD Security Advisories,
>including descriptions of the fields above, security branches, and the
>following sections, please visit
>.
>
>NOTE: The issue discussed in this advisory was reported to the FreeBSD
>Security Team, and the patch which corrects it was supplied, by the
>Sendmail Consortium via CERT. Due to the limited information available
>concerning the nature of the vulnerability, the FreeBSD Security Team
>has not been able to evaluate the effectiveness of the fixes, nor the
>possibility of other workarounds.
>
>I. Background
>
>FreeBSD includes sendmail(8), a general purpose internetwork mail
>routing facility, as the default Mail Transfer Agent (MTA).
>
>II. Problem Description
>
>A race condition has been reported to exist in the handling by sendmail
>of asynchronous signals.
>
>III. Impact
>
>A remote attacker may be able to execute arbitrary code with the
>privileges of the user running sendmail, typically root.
>
>IV. Workaround
>
>There is no known workaround other than disabling sendmail.
>
>V. Solution
>
>Perform one of the following:
>
>1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE,
>or to the RELENG_6_0, RELENG_5_4, RELENG_5_3, RELENG_4_11, or
>RELENG_4_10 security branch dated after the correction date.
>
>2) To patch your present system:
>
>The following patches have been verified to apply to FreeBSD 4.10,
>4.11, 5.3, 5.4, and 6.0 systems.
>
>a) Download the relevant patch from the location below, and verify the
>detached PGP signature using your PGP utility.
>
>[FreeBSD 4.10]
># fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail410.patch
># fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail410.patch.asc
>
>[FreeBSD 4.11 and FreeBSD 5.3]
># fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail411.patch
># fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail411.patch.asc
>
>[FreeBSD 5.4, and FreeBSD 6.x]
># fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail.patch
># fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail.patch.asc
>
>b) Execute the following commands as root:
>
># cd /usr/src
># patch < /path/to/patch
># cd /usr/src/lib/libsm
># make obj && make depend && make
># cd /usr/src/lib/libsmutil
># make obj && make depend && make
># cd /usr/src/usr.sbin/sendmail
># make obj && make depend && make && make install
>
>VI. Correction details
>
>The following list contains the revision numbers of each file that was
>corrected in FreeBSD.
> >Branch Revision > Path >- ------------------------------------------------------------------------- >RELENG_4 > src/contrib/sendmail/libsm/fflush.c 1.1.1.1.2.1 > src/contrib/sendmail/libsm/local.h 1.1.1.1.2.6 > src/contrib/sendmail/libsm/refill.c 1.1.1.1.2.4 > src/contrib/sendmail/src/collect.c 1.1.1.4.2.17 > src/contrib/sendmail/src/conf.c 1.5.2.20 > src/contrib/sendmail/src/deliver.c 1.1.1.3.2.20 > src/contrib/sendmail/src/headers.c 1.4.2.16 > src/contrib/sendmail/src/mime.c 1.1.1.3.2.10 > src/contrib/sendmail/src/parseaddr.c 1.1.1.2.6.20 > src/contrib/sendmail/src/savemail.c 1.4.2.13 > src/contrib/sendmail/src/sendmail.h 1.1.1.4.2.22 > src/contrib/sendmail/src/sfsasl.c 1.1.1.1.2.16 > src/contrib/sendmail/src/sfsasl.h 1.1.1.1.2.3 > src/contrib/sendmail/src/srvrsmtp.c 1.1.1.2.6.20 > src/contrib/sendmail/src/usersmtp.c 1.1.1.3.2.17 > src/contrib/sendmail/src/util.c 1.1.1.3.2.15 >RELENG_4_11 > src/contrib/sendmail/libsm/fflush.c 1.1.1.1.2.1.12.1 > src/contrib/sendmail/libsm/local.h 1.1.1.1.2.5.2.1 > src/contrib/sendmail/libsm/refill.c 1.1.1.1.2.3.2.1 > src/contrib/sendmail/src/collect.c 1.1.1.4.2.14.2.1 > src/contrib/sendmail/src/conf.c 1.5.2.17.2.1 > src/contrib/sendmail/src/deliver.c 1.1.1.3.2.17.2.1 > src/contrib/sendmail/src/headers.c 1.4.2.14.2.1 > src/contrib/sendmail/src/mime.c 1.1.1.3.2.8.2.1 > src/contrib/sendmail/src/parseaddr.c 1.1.1.2.6.17.2.1 > src/contrib/sendmail/src/savemail.c 1.4.2.11.2.1 > src/contrib/sendmail/src/sendmail.h 1.1.1.4.2.19.2.1 > src/contrib/sendmail/src/sfsasl.c 1.1.1.1.2.14.2.1 > src/contrib/sendmail/src/sfsasl.h 1.1.1.1.2.2.12.1 > src/contrib/sendmail/src/srvrsmtp.c 1.1.1.2.6.17.2.1 > src/contrib/sendmail/src/usersmtp.c 1.1.1.3.2.14.2.1 > src/contrib/sendmail/src/util.c 1.1.1.3.2.13.2.1 > src/UPDATING 1.73.2.91.2.17 > src/sys/conf/newvers.sh 1.44.2.39.2.20 >RELENG_4_10 > src/contrib/sendmail/libsm/fflush.c 1.1.1.1.2.1.10.1 > src/contrib/sendmail/libsm/local.h 1.1.1.1.2.4.2.1 > src/contrib/sendmail/libsm/refill.c 1.1.1.1.2.2.6.1 
> src/contrib/sendmail/src/collect.c 1.1.1.4.2.13.2.1 > src/contrib/sendmail/src/conf.c 1.5.2.16.2.1 > src/contrib/sendmail/src/deliver.c 1.1.1.3.2.16.2.1 > src/contrib/sendmail/src/headers.c 1.4.2.13.2.1 > src/contrib/sendmail/src/mime.c 1.1.1.3.2.7.2.1 > src/contrib/sendmail/src/parseaddr.c 1.1.1.2.6.16.2.1 > src/contrib/sendmail/src/savemail.c 1.4.2.10.6.1 > src/contrib/sendmail/src/sendmail.h 1.1.1.4.2.18.2.1 > src/contrib/sendmail/src/sfsasl.c 1.1.1.1.2.13.2.1 > src/contrib/sendmail/src/sfsasl.h 1.1.1.1.2.2.10.1 > src/contrib/sendmail/src/srvrsmtp.c 1.1.1.2.6.16.2.1 > src/contrib/sendmail/src/usersmtp.c 1.1.1.3.2.13.2.1 > src/contrib/sendmail/src/util.c 1.1.1.3.2.12.2.1 > src/UPDATING 1.73.2.90.2.23 > src/sys/conf/newvers.sh 1.33.2.34.2.24 >RELENG_5 > src/contrib/sendmail/libsm/fflush.c 1.1.1.3.8.1 > src/contrib/sendmail/libsm/local.h 1.1.1.7.2.1 > src/contrib/sendmail/libsm/refill.c 1.1.1.5.2.1 > src/contrib/sendmail/src/collect.c 1.1.1.19.2.3 > src/contrib/sendmail/src/conf.c 1.26.2.3 > src/contrib/sendmail/src/deliver.c 1.1.1.21.2.3 > src/contrib/sendmail/src/headers.c 1.20.2.2 > src/contrib/sendmail/src/mime.c 1.1.1.12.2.2 > src/contrib/sendmail/src/parseaddr.c 1.1.1.20.2.3 > src/contrib/sendmail/src/savemail.c 1.16.2.2 > src/contrib/sendmail/src/sendmail.h 1.1.1.23.2.3 > src/contrib/sendmail/src/sfsasl.c 1.1.1.14.2.2 > src/contrib/sendmail/src/sfsasl.h 1.1.1.4.8.1 > src/contrib/sendmail/src/srvrsmtp.c 1.1.1.20.2.3 > src/contrib/sendmail/src/usersmtp.c 1.1.1.18.2.3 > src/contrib/sendmail/src/util.c 1.1.1.17.2.2 >RELENG_5_4 > src/contrib/sendmail/libsm/fflush.c 1.1.1.3.12.1 > src/contrib/sendmail/libsm/local.h 1.1.1.7.6.1 > src/contrib/sendmail/libsm/refill.c 1.1.1.5.6.1 > src/contrib/sendmail/src/collect.c 1.1.1.19.2.1.2.1 > src/contrib/sendmail/src/conf.c 1.26.2.1.2.1 > src/contrib/sendmail/src/deliver.c 1.1.1.21.2.1.2.1 > src/contrib/sendmail/src/headers.c 1.20.2.1.2.1 > src/contrib/sendmail/src/mime.c 1.1.1.12.2.1.2.1 > 
src/contrib/sendmail/src/parseaddr.c 1.1.1.20.2.1.2.1 > src/contrib/sendmail/src/savemail.c 1.16.2.1.2.1 > src/contrib/sendmail/src/sendmail.h 1.1.1.23.2.1.2.1 > src/contrib/sendmail/src/sfsasl.c 1.1.1.14.2.1.2.1 > src/contrib/sendmail/src/sfsasl.h 1.1.1.4.12.1 > src/contrib/sendmail/src/srvrsmtp.c 1.1.1.20.2.1.2.1 > src/contrib/sendmail/src/usersmtp.c 1.1.1.18.2.1.2.1 > src/contrib/sendmail/src/util.c 1.1.1.17.2.1.2.1 > src/UPDATING 1.342.2.24.2.22 > src/sys/conf/newvers.sh 1.62.2.18.2.18 >RELENG_5_3 > src/contrib/sendmail/libsm/fflush.c 1.1.1.3.10.1 > src/contrib/sendmail/libsm/local.h 1.1.1.7.4.1 > src/contrib/sendmail/libsm/refill.c 1.1.1.5.4.1 > src/contrib/sendmail/src/collect.c 1.1.1.19.4.1 > src/contrib/sendmail/src/conf.c 1.26.4.1 > src/contrib/sendmail/src/deliver.c 1.1.1.21.4.1 > src/contrib/sendmail/src/headers.c 1.20.4.1 > src/contrib/sendmail/src/mime.c 1.1.1.12.4.1 > src/contrib/sendmail/src/parseaddr.c 1.1.1.20.4.1 > src/contrib/sendmail/src/savemail.c 1.16.4.1 > src/contrib/sendmail/src/sendmail.h 1.1.1.23.4.1 > src/contrib/sendmail/src/sfsasl.c 1.1.1.14.4.1 > src/contrib/sendmail/src/sfsasl.h 1.1.1.4.10.1 > src/contrib/sendmail/src/srvrsmtp.c 1.1.1.20.4.1 > src/contrib/sendmail/src/usersmtp.c 1.1.1.18.4.1 > src/contrib/sendmail/src/util.c 1.1.1.17.4.1 > src/UPDATING 1.342.2.13.2.31 > src/sys/conf/newvers.sh 1.62.2.15.2.33 >RELENG_6 > src/contrib/sendmail/libsm/fflush.c 1.1.1.3.14.1 > src/contrib/sendmail/libsm/local.h 1.1.1.7.8.1 > src/contrib/sendmail/libsm/refill.c 1.1.1.5.8.1 > src/contrib/sendmail/src/collect.c 1.1.1.21.2.1 > src/contrib/sendmail/src/conf.c 1.28.2.1 > src/contrib/sendmail/src/deliver.c 1.1.1.23.2.1 > src/contrib/sendmail/src/headers.c 1.21.2.1 > src/contrib/sendmail/src/mime.c 1.1.1.13.2.1 > src/contrib/sendmail/src/parseaddr.c 1.1.1.22.2.1 > src/contrib/sendmail/src/savemail.c 1.17.2.1 > src/contrib/sendmail/src/sendmail.h 1.1.1.26.2.1 > src/contrib/sendmail/src/sfsasl.c 1.1.1.15.2.1 > src/contrib/sendmail/src/sfsasl.h 
1.1.1.4.14.1 > src/contrib/sendmail/src/srvrsmtp.c 1.1.1.22.2.1 > src/contrib/sendmail/src/usersmtp.c 1.1.1.21.2.1 > src/contrib/sendmail/src/util.c 1.1.1.18.2.1 >RELENG_6_0 > src/contrib/sendmail/libsm/fflush.c 1.1.1.3.16.1 > src/contrib/sendmail/libsm/local.h 1.1.1.7.10.1 > src/contrib/sendmail/libsm/refill.c 1.1.1.5.10.1 > src/contrib/sendmail/src/collect.c 1.1.1.21.4.1 > src/contrib/sendmail/src/conf.c 1.28.4.1 > src/contrib/sendmail/src/deliver.c 1.1.1.23.4.1 > src/contrib/sendmail/src/headers.c 1.21.4.1 > src/contrib/sendmail/src/mime.c 1.1.1.13.4.1 > src/contrib/sendmail/src/parseaddr.c 1.1.1.22.4.1 > src/contrib/sendmail/src/savemail.c 1.17.4.1 > src/contrib/sendmail/src/sendmail.h 1.1.1.26.4.1 > src/contrib/sendmail/src/sfsasl.c 1.1.1.15.4.1 > src/contrib/sendmail/src/sfsasl.h 1.1.1.4.16.1 > src/contrib/sendmail/src/srvrsmtp.c 1.1.1.22.4.1 > src/contrib/sendmail/src/usersmtp.c 1.1.1.21.4.1 > src/contrib/sendmail/src/util.c 1.1.1.18.4.1 > src/UPDATING 1.416.2.3.2.11 > src/sys/conf/newvers.sh 1.69.2.8.2.7 >- ------------------------------------------------------------------------- > >VII. 
References
>
>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058
>
>The latest revision of this advisory is available at
>ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:13.sendmail.asc

From owner-freebsd-security@FreeBSD.ORG Wed Mar 22 23:11:23 2006
From: Darren Pilgrim
Date: Wed, 22 Mar 2006 15:11:16 -0800
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail

Does this affect all use of sendmail or just SMTP servers? Specifically, can this be locally exploited in a submission agent with no local delivery?

From owner-freebsd-security@FreeBSD.ORG Thu Mar 23 09:03:34 2006
From: Dmitry Pryanishnikov
Date: Thu, 23 Mar 2006 11:03:10 +0200 (EET)
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-06:11.ipsec

Hello!

On Wed, 22 Mar 2006, FreeBSD Security Advisories wrote:
> II. Problem Description
>
> IPsec provides an anti-replay service which when enabled prevents an attacker
> from successfully executing a replay attack. This is done through the
> verification of sequence numbers. A programming error in the fast_ipsec(4)
> implementation results in the sequence number associated with a Security
> Association not being updated, allowing packets to unconditionally pass
> sequence number verification checks.
>
> III. Impact
>
> An attacker able to intercept IPSec packets can replay them. If higher
> level protocols which do not provide any protection against packet replays
> (e.g., UDP) are used, this may have a variety of effects.

As far as I understood, only systems which use "options FAST_IPSEC" are affected by this issue. Is it true? If so, wouldn't it be wise to stress this fact in the advisory?

Sincerely, Dmitry
--
Atlantis ISP, System Administrator
e-mail: dmitry@atlantis.dp.ua
nic-hdl: LYNX-RIPE

From owner-freebsd-security@FreeBSD.ORG Thu Mar 23 10:06:24 2006
From: Colin Percival
Date: Thu, 23 Mar 2006 02:06:21 -0800
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-06:11.ipsec

Dmitry Pryanishnikov wrote:
> As far as I understood, only systems which use "options FAST_IPSEC" are
> affected by this issue. Is it true? If so, wouldn't it be wise to stress this
> fact in the advisory?

Yes, and yes. Usually we do mention things like this; it slipped through the cracks this time.

Colin Percival

From owner-freebsd-security@FreeBSD.ORG Thu Mar 23 11:29:51 2006
From: Pawel Jakub Dawidek
Date: Thu, 23 Mar 2006 12:28:44 +0100
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-06:11.ipsec

On Thu, Mar 23, 2006 at 11:03:10AM +0200, Dmitry Pryanishnikov wrote:
+>
+> Hello!
+>
+> On Wed, 22 Mar 2006, FreeBSD Security Advisories wrote:
+> >II. Problem Description
+> >
+> >IPsec provides an anti-replay service which when enabled prevents an attacker
+> >from successfully executing a replay attack. This is done through the
+> >verification of sequence numbers. A programming error in the fast_ipsec(4)
+> >implementation results in the sequence number associated with a Security
+> >Association not being updated, allowing packets to unconditionally pass
+> >sequence number verification checks.
+> >
+> >III. Impact
+> >
+> >An attacker able to intercept IPSec packets can replay them. If higher
+> >level protocols which do not provide any protection against packet replays
+> >(e.g., UDP) are used, this may have a variety of effects.
+>
+> As far as I understood, only systems which use "options FAST_IPSEC" are affected by this issue. Is it true? If so, wouldn't it be wise to stress this
+> fact in the advisory?

Yes, only FAST_IPSEC and only ESP (AH is ok).

--
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!

From owner-freebsd-security@FreeBSD.ORG Thu Mar 23 08:44:13 2006
From: Dmitry Pryanishnikov
Date: Thu, 23 Mar 2006 10:44:05 +0200 (EET)
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail

Hello!

On Wed, 22 Mar 2006, FreeBSD Security Advisories wrote:
> Path
> - -------------------------------------------------------------------------
> RELENG_4
> src/contrib/sendmail/libsm/fflush.c 1.1.1.1.2.1
> src/contrib/sendmail/libsm/local.h 1.1.1.1.2.6
> src/contrib/sendmail/libsm/refill.c 1.1.1.1.2.4

This doesn't change sendmail's identification string - it's still "8.13.1" on RELENG_4_11, which makes detection of unpatched systems more difficult for a sysadmin. Wouldn't it be wise to add, say, "-p1" to this string in version.c?

Sincerely, Dmitry
--
Atlantis ISP, System Administrator
e-mail: dmitry@atlantis.dp.ua
nic-hdl: LYNX-RIPE

From owner-freebsd-security@FreeBSD.ORG Thu Mar 23 13:57:16 2006
From: "Oleg Khomichenko"
Date: Thu, 23 Mar 2006 15:57:15 +0200
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail

=============================================================================
> Announced: 2006-03-22
> Affects: All FreeBSD releases.

15:33 [p2]root@alfa:/usr/src>uname -a
FreeBSD xxxx.xxxxxxx.xxxxxx 4.11-STABLE FreeBSD 4.11-STABLE #1: Mon Apr 11 18:42:41 EEST 2005 xxxx@xxxx.xxxxxxx.xxx.xx:/usr/obj/usr/src/sys/ALFA i386
15:36 [p2]root@alfa:/usr/src>sendmail -d0.1
Version 8.13.3

When I try to check the patch (patch -C), I receive many "Hunk #n failed at nn." messages, see below. Is this a problem or not, and can I continue and will the vulnerability be removed?

Script started on Thu Mar 23 15:30:22 2006
Hmm... Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: contrib/sendmail/libsm/fflush.c
|===================================================================
|RCS file: /home/ncvs/src/contrib/sendmail/libsm/fflush.c,v
|retrieving revision 1.1.1.3
|diff -u -I__FBSDID -r1.1.1.3 fflush.c
|--- contrib/sendmail/libsm/fflush.c	11 Jun 2002 21:11:58 -0000	1.1.1.3
|+++ contrib/sendmail/libsm/fflush.c	21 Mar 2006 12:43:09 -0000
--------------------------
Patching file contrib/sendmail/libsm/fflush.c using Plan A...
Hunk #1 succeeded at 145.
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: contrib/sendmail/libsm/local.h
|===================================================================
|RCS file: /home/ncvs/src/contrib/sendmail/libsm/local.h,v
|retrieving revision 1.1.1.7
|diff -u -I__FBSDID -r1.1.1.7 local.h
|--- contrib/sendmail/libsm/local.h	1 Aug 2004 01:04:45 -0000	1.1.1.7
|+++ contrib/sendmail/libsm/local.h	21 Mar 2006 12:43:09 -0000
--------------------------
Patching file contrib/sendmail/libsm/local.h using Plan A...
Hunk #1 succeeded at 192.
Hunk #2 succeeded at 276.
Hunk #3 succeeded at 289.
Hunk #4 succeeded at 308.
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: contrib/sendmail/libsm/refill.c
|===================================================================
|RCS file: /home/ncvs/src/contrib/sendmail/libsm/refill.c,v
|retrieving revision 1.1.1.5
|diff -u -I__FBSDID -r1.1.1.5 refill.c
|--- contrib/sendmail/libsm/refill.c	1 Aug 2004 01:04:45 -0000	1.1.1.5
|+++ contrib/sendmail/libsm/refill.c	21 Mar 2006 12:43:09 -0000
--------------------------
Patching file contrib/sendmail/libsm/refill.c using Plan A...
Hunk #1 succeeded at 76.
Hunk #2 succeeded at 97.
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: contrib/sendmail/src/collect.c
|===================================================================
|RCS file: /home/ncvs/src/contrib/sendmail/src/collect.c,v
|retrieving revision 1.1.1.19
|diff -u -I__FBSDID -r1.1.1.19 collect.c
|--- contrib/sendmail/src/collect.c	1 Aug 2004 01:04:20 -0000	1.1.1.19
|+++ contrib/sendmail/src/collect.c	21 Mar 2006 12:43:10 -0000
--------------------------
Patching file contrib/sendmail/src/collect.c using Plan A...
Hunk #1 failed at 15.
Hunk #2 succeeded at 262.
Hunk #3 failed at 283.
Hunk #4 succeeded at 319.
Hunk #5 succeeded at 339.
Hunk #6 succeeded at 362.
Hunk #7 succeeded at 527 (offset -1 lines).
Hunk #8 succeeded at 582 (offset -1 lines).
Hunk #9 succeeded at 622 (offset -1 lines).
Hunk #10 succeeded at 649 (offset -1 lines).
Hunk #11 succeeded at 720 (offset -1 lines).
Hunk #12 succeeded at 805 (offset -1 lines).
Hunk #13 succeeded at 828 (offset -1 lines).
Hunk #14 failed at 928.
3 out of 14 hunks failed--saving rejects to contrib/sendmail/src/collect.c.rej
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: contrib/sendmail/src/conf.c
|===================================================================
|RCS file: /home/ncvs/src/contrib/sendmail/src/conf.c,v
|retrieving revision 1.26
|diff -u -I__FBSDID -r1.26 conf.c
|--- contrib/sendmail/src/conf.c	1 Aug 2004 01:16:16 -0000	1.26
|+++ contrib/sendmail/src/conf.c	21 Mar 2006 12:43:12 -0000
--------------------------
Patching file contrib/sendmail/src/conf.c using Plan A...
Hunk #1 succeeded at 5299 (offset 9 lines).
Hunk #2 succeeded at 5324 (offset 9 lines).
Hunk #3 succeeded at 5367 (offset 9 lines).
Hunk #4 succeeded at 5432 (offset 9 lines).
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: contrib/sendmail/src/deliver.c
|===================================================================
|RCS file: /home/ncvs/src/contrib/sendmail/src/deliver.c,v
|retrieving revision 1.1.1.21
|diff -u -I__FBSDID -r1.1.1.21 deliver.c
|--- contrib/sendmail/src/deliver.c	1 Aug 2004 01:04:23 -0000	1.1.1.21
|+++ contrib/sendmail/src/deliver.c	21 Mar 2006 12:43:15 -0000
--------------------------
Patching file contrib/sendmail/src/deliver.c using Plan A...
Hunk #1 succeeded at 3257.
Hunk #2 succeeded at 4437 (offset 6 lines).
Hunk #3 succeeded at 4453 (offset 6 lines).
Hunk #4 succeeded at 4494 (offset 6 lines).
Hunk #5 succeeded at 4507 (offset 6 lines).
Hunk #6 succeeded at 4518 (offset 6 lines).
Hunk #7 succeeded at 4556 (offset 6 lines).
Hunk #8 succeeded at 4590 (offset 6 lines).
Hunk #9 succeeded at 4636 (offset 6 lines).
Hunk #10 succeeded at 4658 (offset 6 lines).
Hunk #11 succeeded at 4750 (offset 6 lines).
Hunk #12 succeeded at 4762 (offset 6 lines).
Hunk #13 succeeded at 4772 (offset 6 lines).
Hunk #14 succeeded at 4805 (offset 6 lines).
Hunk #15 succeeded at 4866 (offset 6 lines).
Hunk #16 succeeded at 4881 (offset 6 lines).
Hunk #17 succeeded at 4906 (offset 6 lines).
Hunk #18 succeeded at 4923 (offset 6 lines).
Hunk #19 succeeded at 4949 (offset 6 lines).
Hunk #20 succeeded at 4958 (offset 6 lines).
Hunk #21 succeeded at 4970 (offset 6 lines).
Hunk #22 succeeded at 4985 (offset 6 lines).
Hunk #23 succeeded at 5544 (offset 6 lines).
Hunk #24 succeeded at 6103 (offset 1 line).
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: contrib/sendmail/src/headers.c
|===================================================================
|RCS file: /home/ncvs/src/contrib/sendmail/src/headers.c,v
|retrieving revision 1.20
|diff -u -I__FBSDID -r1.20 headers.c
|--- contrib/sendmail/src/headers.c	1 Aug 2004 01:16:16 -0000	1.20
|+++ contrib/sendmail/src/headers.c	21 Mar 2006 12:43:15 -0000
--------------------------
Patching file contrib/sendmail/src/headers.c using Plan A...
Hunk #1 succeeded at 19.
Hunk #2 succeeded at 994.
Hunk #3 succeeded at 1002.
Hunk #4 succeeded at 1543.
Hunk #5 succeeded at 1684.
Hunk #6 succeeded at 1744.
Hunk #7 succeeded at 1764.
Hunk #8 succeeded at 1782.
Hunk #9 succeeded at 1811.
Hunk #10 succeeded at 1845.
Hunk #11 succeeded at 1856.
Hunk #12 succeeded at 1872.
Hunk #13 succeeded at 2017.
Hunk #14 succeeded at 2024.
Hunk #15 succeeded at 2047.
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: contrib/sendmail/src/mime.c
|===================================================================
|RCS file: /home/ncvs/src/contrib/sendmail/src/mime.c,v
|retrieving revision 1.1.1.12
|diff -u -I__FBSDID -r1.1.1.12 mime.c
|--- contrib/sendmail/src/mime.c	1 Aug 2004 01:04:28 -0000	1.1.1.12
|+++ contrib/sendmail/src/mime.c	21 Mar 2006 12:43:16 -0000
--------------------------
Patching file contrib/sendmail/src/mime.c using Plan A...
Hunk #1 succeeded at 86.
Hunk #2 succeeded at 299.
Hunk #3 succeeded at 309.
Hunk #4 succeeded at 322.
Hunk #5 succeeded at 352.
Hunk #6 succeeded at 382.
Hunk #7 succeeded at 492.
Hunk #8 succeeded at 506.
Hunk #9 succeeded at 520.
Hunk #10 succeeded at 534.
Hunk #11 succeeded at 565.
Hunk #12 succeeded at 589.
Hunk #13 succeeded at 618.
Hunk #14 succeeded at 648.
Hunk #15 succeeded at 687.
Hunk #16 succeeded at 984 (offset 4 lines).
Hunk #17 succeeded at 1001 (offset 4 lines).
Hunk #18 succeeded at 1034 (offset 4 lines).
Hunk #19 succeeded at 1122 (offset 4 lines).
Hunk #20 succeeded at 1160 (offset 4 lines).
Hunk #21 succeeded at 1180 (offset 4 lines).
Hunk #22 succeeded at 1191 (offset 4 lines).
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: contrib/sendmail/src/parseaddr.c
|===================================================================
|RCS file: /home/ncvs/src/contrib/sendmail/src/parseaddr.c,v
|retrieving revision 1.1.1.20
|diff -u -I__FBSDID -r1.1.1.20 parseaddr.c
|--- contrib/sendmail/src/parseaddr.c	1 Aug 2004 01:04:28 -0000	1.1.1.20
|+++ contrib/sendmail/src/parseaddr.c	21 Mar 2006 12:43:17 -0000
--------------------------
Patching file contrib/sendmail/src/parseaddr.c using Plan A...
Hunk #1 succeeded at 1337.
Hunk #2 succeeded at 1352.
Hunk #3 succeeded at 1407.
Hunk #4 succeeded at 1509.
Hunk #5 succeeded at 2936.
Hunk #6 succeeded at 3150.
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: contrib/sendmail/src/savemail.c
|===================================================================
|RCS file: /home/ncvs/src/contrib/sendmail/src/savemail.c,v
|retrieving revision 1.16
|diff -u -I__FBSDID -r1.16 savemail.c
|--- contrib/sendmail/src/savemail.c	1 Aug 2004 01:16:16 -0000	1.16
|+++ contrib/sendmail/src/savemail.c	21 Mar 2006 12:43:18 -0000
--------------------------
Patching file contrib/sendmail/src/savemail.c using Plan A...
Hunk #1 succeeded at 15 with fuzz 2.
Hunk #2 succeeded at 432.
Hunk #3 succeeded at 733.
Hunk #4 succeeded at 758.
Hunk #5 succeeded at 776.
Hunk #6 succeeded at 803.
Hunk #7 succeeded at 858.
Hunk #8 succeeded at 888.
Hunk #9 succeeded at 913.
Hunk #10 succeeded at 932.
Hunk #11 succeeded at 986.
Hunk #12 succeeded at 1016.
Hunk #13 succeeded at 1029.
Hunk #14 succeeded at 1046.
Hunk #15 succeeded at 1063.
Hunk #16 succeeded at 1085.
Hunk #17 succeeded at 1104.
Hunk #18 succeeded at 1148.
Hunk #19 succeeded at 1157.
Hunk #20 succeeded at 1207.
Hunk #21 succeeded at 1222 (offset 3 lines).
Hunk #22 succeeded at 1242 (offset 3 lines).
Hunk #23 succeeded at 1257 (offset 3 lines).
Hunk #24 succeeded at 1270 (offset 3 lines).
Hunk #25 succeeded at 1280 (offset 3 lines).
Hunk #26 succeeded at 1293 (offset 3 lines).
Hunk #27 succeeded at 1304 (offset 3 lines).
Hunk #28 succeeded at 1313 (offset 3 lines).
Hunk #29 succeeded at 1347 (offset 3 lines).
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: contrib/sendmail/src/sendmail.h
|===================================================================
|RCS file: /home/ncvs/src/contrib/sendmail/src/sendmail.h,v
|retrieving revision 1.1.1.23
|diff -u -I__FBSDID -r1.1.1.23 sendmail.h
|--- contrib/sendmail/src/sendmail.h	1 Aug 2004 01:04:33 -0000	1.1.1.23
|+++ contrib/sendmail/src/sendmail.h	21 Mar 2006 12:43:19 -0000
--------------------------
Patching file contrib/sendmail/src/sendmail.h using Plan A...
Hunk #1 succeeded at 809 (offset 1 line).
Hunk #2 succeeded at 870 (offset 1 line).
Hunk #3 succeeded at 965 (offset 1 line).
Hunk #4 succeeded at 1649 (offset 3 lines).
Hunk #5 succeeded at 2142 (offset 2 lines).
Hunk #6 succeeded at 2516 (offset 4 lines).
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: contrib/sendmail/src/sfsasl.c
|===================================================================
|RCS file: /home/ncvs/src/contrib/sendmail/src/sfsasl.c,v
|retrieving revision 1.1.1.14
|diff -u -I__FBSDID -r1.1.1.14 sfsasl.c
|--- contrib/sendmail/src/sfsasl.c	1 Aug 2004 01:04:33 -0000	1.1.1.14
|+++ contrib/sendmail/src/sfsasl.c	21 Mar 2006 12:43:20 -0000
--------------------------
Patching file contrib/sendmail/src/sfsasl.c using Plan A...
Hunk #1 succeeded at 541 (offset 25 lines).
Hunk #2 succeeded at 680 (offset 25 lines).
Hunk #3 succeeded at 748 (offset 25 lines).
Hunk #4 succeeded at 790 (offset 25 lines).
Hunk #5 succeeded at 855 (offset 25 lines).
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: contrib/sendmail/src/sfsasl.h
|===================================================================
|RCS file: /home/ncvs/src/contrib/sendmail/src/sfsasl.h,v
|retrieving revision 1.1.1.4
|diff -u -I__FBSDID -r1.1.1.4 sfsasl.h
|--- contrib/sendmail/src/sfsasl.h	11 Jun 2002 21:11:52 -0000	1.1.1.4
|+++ contrib/sendmail/src/sfsasl.h	21 Mar 2006 12:43:20 -0000
--------------------------
Patching file contrib/sendmail/src/sfsasl.h using Plan A...
Hunk #1 succeeded at 17.
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: contrib/sendmail/src/srvrsmtp.c
|===================================================================
|RCS file: /home/ncvs/src/contrib/sendmail/src/srvrsmtp.c,v
|retrieving revision 1.1.1.20
|diff -u -I__FBSDID -r1.1.1.20 srvrsmtp.c
|--- contrib/sendmail/src/srvrsmtp.c	1 Aug 2004 01:04:35 -0000	1.1.1.20
|+++ contrib/sendmail/src/srvrsmtp.c	21 Mar 2006 12:43:22 -0000
--------------------------
Patching file contrib/sendmail/src/srvrsmtp.c using Plan A...
Hunk #1 succeeded at 503.
Hunk #2 succeeded at 1692.
Hunk #3 succeeded at 1726.
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: contrib/sendmail/src/usersmtp.c
|===================================================================
|RCS file: /home/ncvs/src/contrib/sendmail/src/usersmtp.c,v
|retrieving revision 1.1.1.18
|diff -u -I__FBSDID -r1.1.1.18 usersmtp.c
|--- contrib/sendmail/src/usersmtp.c	1 Aug 2004 01:04:36 -0000	1.1.1.18
|+++ contrib/sendmail/src/usersmtp.c	21 Mar 2006 12:43:23 -0000
--------------------------
Patching file contrib/sendmail/src/usersmtp.c using Plan A...
Hunk #1 failed at 19.
Hunk #2 succeeded at 2492.
Hunk #3 succeeded at 2627 (offset 14 lines).
Hunk #4 succeeded at 2650 (offset 14 lines).
Hunk #5 succeeded at 2696 (offset 14 lines).
Hunk #6 failed at 2748.
2 out of 6 hunks failed--saving rejects to contrib/sendmail/src/usersmtp.c.rej
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: contrib/sendmail/src/util.c
|===================================================================
|RCS file: /home/ncvs/src/contrib/sendmail/src/util.c,v
|retrieving revision 1.1.1.17
|diff -u -I__FBSDID -r1.1.1.17 util.c
|--- contrib/sendmail/src/util.c	1 Aug 2004 01:04:36 -0000	1.1.1.17
|+++ contrib/sendmail/src/util.c	21 Mar 2006 12:43:24 -0000
--------------------------
Patching file contrib/sendmail/src/util.c using Plan A...
Hunk #1 succeeded at 456 (offset 1 line).
Hunk #2 succeeded at 972 (offset 1 line).
Hunk #3 succeeded at 1002 (offset 1 line).
Hunk #4 succeeded at 1060 (offset 1 line).
Hunk #5 succeeded at 1072 (offset 1 line).
Hunk #6 succeeded at 1083 (offset 1 line).
Hunk #7 succeeded at 1103 (offset 1 line).
Hunk #8 succeeded at 1126 (offset 1 line).
Hunk #9 succeeded at 1141 (offset 1 line).
Hunk #10 succeeded at 1161 (offset 1 line).
Hunk #11 succeeded at 1171 (offset 1 line).
Hunk #12 succeeded at 1182 (offset 1 line).
Hunk #13 succeeded at 1193 (offset 1 line).
Hunk #14 succeeded at 2402 (offset 1 line).
done
exit

Script done on Thu Mar 23 15:30:43 2006

From owner-freebsd-security@FreeBSD.ORG Thu Mar 23 14:14:04 2006
Date: Thu, 23 Mar 2006 06:14:00 -0800
From: Colin Percival
To: Oleg Khomichenko
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail

Oleg Khomichenko wrote:
> 15:33 [p2]root@alfa:/usr/src>uname -a
> FreeBSD xxxx.xxxxxxx.xxxxxx 4.11-STABLE FreeBSD 4.11-STABLE #1: Mon
> Apr 11 18:42:41 EEST 2005
> xxxx@xxxx.xxxxxxx.xxx.xx:/usr/obj/usr/src/sys/ALFA i386
>
> 15:36 [p2]root@alfa:/usr/src>sendmail -d0.1
> Version 8.13.3
>
> When I try to check patch (patch -C), I receive many "Hunk #n failed
> at nn." see below.

Try using sendmail.patch instead of sendmail411.patch.

Colin Percival

From owner-freebsd-security@FreeBSD.ORG Thu Mar 23 15:23:15 2006
Date: Thu, 23 Mar 2006 09:14:08 -0500
To: "Oleg Khomichenko", freebsd-security@freebsd.org
From: Mike Tancsa
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail

At 08:57 AM 23/03/2006, Oleg Khomichenko wrote:
>=============================================================================
> > Announced: 2006-03-22
> > Affects: All FreeBSD releases.
>
>
>15:33 [p2]root@alfa:/usr/src>uname -a
>FreeBSD xxxx.xxxxxxx.xxxxxx 4.11-STABLE FreeBSD 4.11-STABLE #1: Mon
>Apr 11 18:42:41 EEST 2005
>xxxx@xxxx.xxxxxxx.xxx.xx:/usr/obj/usr/src/sys/ALFA i386

For RELENG_4, I used the same patch that is used on RELENG_5 and
RELENG_6, i.e.
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail.patch
and it seems to apply cleanly and work.

        ---Mike

From owner-freebsd-security@FreeBSD.ORG Thu Mar 23 18:15:17 2006
From: Cy Schubert
To: Mike Tancsa
Date: Thu, 23 Mar 2006 10:15:08 -0800
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail

In message <6.2.3.4.0.20060322133802.0a0ad290@64.7.153.2>, Mike Tancsa writes:
>
> Hi,
> The patches apply cleanly on RELENG_4, but sendmail does not
> compile properly using
> ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail411.patch
> /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/collect.c:944:
> `CollectTimeout' undeclared (first use in this function)
> /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/collect.c:958:
> `CtxCollectTimeout' undeclared (first use in this function)
> *** Error code 1
>
> Stop in /usr/src/usr.sbin/sendmail.
>
> This is on
> 4.11-STABLE FreeBSD 4.11-STABLE #0: Mon Feb 13 17:36:36 EST 2006

I had no problems building on my 4.11 ports build testbed at home nor any
of the 4.11 systems we still have here at work. I did a CVSup though.

--
Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5231
Team Leader, Solaris Team      Email:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, CITS
Ministry of Labour and Citizens' Services
Province of BC
                        FreeBSD UNIX:  cy@FreeBSD.org

From owner-freebsd-security@FreeBSD.ORG Thu Mar 23 18:18:42 2006
Date: Thu, 23 Mar 2006 10:19:51 -0800 (PST)
From: Bigby Findrake
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail

Does an attacker need network access to the machine, or does the attacker
merely need to be able to get an SMTP message to the machine?

/-------------------------------------------------------------------------/
When we write computer programs that "learn", it turns out that we do
and they don't.

finger://bigby@ephemeron.org
http://www.ephemeron.org/~bigby/
irc://irc.ephemeron.org/#the_pub
/-------------------------------------------------------------------------/

From owner-freebsd-security@FreeBSD.ORG Thu Mar 23 18:31:21 2006
Date: Thu, 23 Mar 2006 10:31:20 -0800
From: Claus Assmann
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail

On Thu, Mar 23, 2006, Bigby Findrake wrote:

> Does an attacker need network access to the machine, or does the attacker

Yes.

> merely need to be able to get an SMTP message to the machine?

He needs to control the timeouts (AFAICT).

From owner-freebsd-security@FreeBSD.ORG Fri Mar 24 12:57:21 2006
Date: Fri, 24 Mar 2006 14:56:28 +0200
From: Ruslan Ermilov
To: Dmitry Pryanishnikov
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail

On Thu, Mar 23, 2006 at 10:44:05AM +0200, Dmitry Pryanishnikov wrote:
>
> Hello!
>
> On Wed, 22 Mar 2006, FreeBSD Security Advisories wrote:
> >  Path
> >- -------------------------------------------------------------------------
> >RELENG_4
> >  src/contrib/sendmail/libsm/fflush.c    1.1.1.1.2.1
> >  src/contrib/sendmail/libsm/local.h     1.1.1.1.2.6
> >  src/contrib/sendmail/libsm/refill.c    1.1.1.1.2.4
>
>  This doesn't change sendmail's identification string - it's still "8.13.1"
> on RELENG_4_11, which makes detection of unpatched systems more difficult
> to sysadmin. Wouldn't be wise to add, say, "-p1" to this string in
> version.c?
>
It depends on what you think about whether it's good or not
that it's undetectable. I prefer it to be not-detectable.

Cheers,
-- 
Ruslan Ermilov
ru@FreeBSD.org
FreeBSD committer

From owner-freebsd-security@FreeBSD.ORG Fri Mar 24 13:53:28 2006
Date: Fri, 24 Mar 2006 15:53:11 +0200 (EET)
From: Dmitry Pryanishnikov
To: Ruslan Ermilov
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail

Hello!

On Fri, 24 Mar 2006, Ruslan Ermilov wrote:
>>  This doesn't change sendmail's identification string - it's still "8.13.1"
>> on RELENG_4_11, which makes detection of unpatched systems more difficult
>> to sysadmin. Wouldn't be wise to add, say, "-p1" to this string in
---^^^^^^^^^^^
  I meant just this - to sysadmin, not to attackers.

>> version.c?
>>
> It depends on what you think about whether it's good or not
> that it's undetectable. I prefer it to be not-detectable.

  So do I - that's why I removed version info from my settings for
confSMTP_LOGIN_MSG long time ago ;)

Sincerely, Dmitry
-- 
Atlantis ISP, System Administrator
e-mail:  dmitry@atlantis.dp.ua
nic-hdl: LYNX-RIPE

From owner-freebsd-security@FreeBSD.ORG Fri Mar 24 13:56:53 2006
Date: Fri, 24 Mar 2006 08:56:55 -0500
From: Chuck Swiger
To: Ruslan Ermilov
Cc: Dmitry Pryanishnikov, freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail

Ruslan Ermilov wrote:
> On Thu, Mar 23, 2006 at 10:44:05AM +0200, Dmitry Pryanishnikov wrote:
[ ... ]
>>  This doesn't change sendmail's identification string - it's still "8.13.1"
>> on RELENG_4_11, which makes detection of unpatched systems more difficult
>> to sysadmin. Wouldn't be wise to add, say, "-p1" to this string in
>> version.c?
>>
> It depends on what you think about whether it's good or not
> that it's undetectable. I prefer it to be not-detectable.

Previous sendmail-based exploits involved hosts being compromised by automated
worms which try their attacks against every IP they can talk to on the SMTP
port, regardless of version number information displayed, or by malicious email
which exploited MIME header string buffer problems, a mechanism which also paid
no attention to the SMTP banner version info.

If someone wants to conceal the sendmail version info, there are mechanisms in
place to do so which solve that problem more effectively.
If you don't want the sendmail version numbers to appear in the banner on port 25, the better solution is to add this to your sendmail.mc file:

define(`confSMTP_LOGIN_MSG', `$j Sendmail; $b; no UCE; C=US, L=NY.')dnl

[ Adjust region, country code, and SMTP policy to suit your local needs. ]

If you also want to conceal version information in the mail headers, either override the values of the $v and $Z macros, which are typically set like so:

# Configuration version number
DZ8.13.6

...or override the Received: header line being generated by changing this:

HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
        $.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
        $.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
                ^^^^^^^

I would like the output of "sendmail -d0.1" to correctly indicate what the version actually is so I can track it, even if I felt it appropriate or necessary to conceal that information from non-local users.

--
-Chuck

PS: I very much wish that software would not attempt to conceal which version it actually is, because that fosters absurd situations like web browser User-agent strings ("Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"). That version string is obscure all right, but hardly secure.
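Added example (not part of the thread and not sendmail's own code): a small Python expander for the `$x`, `${name}` and `$? $| $.` syntax used in the templates quoted in the message above. It is run against sendmail's stock greeting, the `confSMTP_LOGIN_MSG` value from the message, and the `Received:` template with and without `($v/$Z)`, to show which lines disclose the version to a remote peer. The macro values are constructed, and treating an empty macro as unset is an assumption.

```python
import re

# $?x (if macro x is set), $| (else), $. (endif), or a $x / ${name} reference.
TOKEN = re.compile(r"\$(?:\?(\{\w+\}|.)|(\|)|(\.)|(\{\w+\}|.))")

def expand(template, macros):
    """Expand sendmail-style macros and nested $? $| $. conditionals."""
    out, pos = [], 0
    frames = [(True, True)]  # (enclosing text emitted?, this branch taken?)
    emitting = lambda: all(frames[-1])
    for m in TOKEN.finditer(template):
        if emitting():
            out.append(template[pos:m.start()])
        pos = m.end()
        cond, is_else, is_end, ref = m.groups()
        if cond:
            frames.append((emitting(), bool(macros.get(cond.strip("{}")))))
        elif is_else and len(frames) > 1:
            outer, taken = frames.pop()
            frames.append((outer, not taken))
        elif is_end and len(frames) > 1:
            frames.pop()
        elif ref and emitting():
            out.append(macros.get(ref.strip("{}"), ""))
    if emitting():
        out.append(template[pos:])
    return "".join(out)

def discloses_version(template, macros):
    """True if the expanded line shows the value of $v or $Z to the peer."""
    text = expand(template, macros)
    return any(macros[k] in text for k in ("v", "Z"))

# Constructed macro values; hostnames and queue id are placeholders.
MACROS = {"j": "mail.example.org", "v": "8.13.1", "Z": "8.13.1",
          "b": "Fri, 24 Mar 2006 08:56:55 -0500", "s": "client.example.net",
          "_": "client.example.net [192.0.2.10]", "r": "ESMTP", "i": "QUEUEID"}

STOCK_BANNER = "$j Sendmail $v/$Z; $b"  # sendmail's default greeting
MC_BANNER = "$j Sendmail; $b; no UCE; C=US, L=NY."  # from the message above
# Received: template from the message, cut before the unfinished $?{tls_version}
RECEIVED = ("$?sfrom $s $.$?_($?s$|from $.$_) $.$?{auth_type}(authenticated"
            "$?{auth_ssf} bits=${auth_ssf}$.) $.by $j ($v/$Z)$?r with $r$. id $i")
RECEIVED_EDITED = RECEIVED.replace(" ($v/$Z)", "")

if __name__ == "__main__":
    for name in ("STOCK_BANNER", "MC_BANNER", "RECEIVED", "RECEIVED_EDITED"):
        tpl = globals()[name]
        print(name, discloses_version(tpl, MACROS), "|", expand(tpl, MACROS))
```

None of these templates affects what the local binary reports, so a local version check for patch tracking keeps working after the banner and header are edited.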
From owner-freebsd-security@FreeBSD.ORG Sat Mar 25 08:02:11 2006
Date: Sat, 25 Mar 2006 10:02:04 +0200
From: Yaroslav Shvets
Organization: SysKit
Message-ID: <17539855459.20060325100204@syskit.com>
To: freebsd-security@freebsd.org
In-Reply-To: <20060324125628.GA63626@ip.net.ua>
References: <200603221611.k2MGBV21010114@freefall.freebsd.org> <20060323103739.X90993@atlantis.atlantis.dp.ua> <20060324125628.GA63626@ip.net.ua>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail

Hello Ruslan,

Friday, March 24, 2006, 2:56:28 PM, you wrote:

>> This doesn't change sendmail's identification string - it's still "8.13.1"
>> on RELENG_4_11, which makes detection of unpatched systems more difficult
>> to sysadmin. Wouldn't be wise to add, say, "-p1" to this string in
>> version.c?

RE> It depends on what you think about whether it's good or not
RE> that it's undetectable. I prefer it to be not-detectable.

After the update I have seen version numbers (8.13.1 for RELENG_4_11 and 8.13.4 for RELENG_6_0). Got check for the safe version on sendmail.org - 8.13.6 and ... rebuilt new sendmail again manually. Some people have decided that there was a mistake. IMHO, it was necessary to fix version numbers. Everyone knows how to hide it.

--
Best regards,
Yaroslav Shvets
mailto: freebsd@syskit.com
icq: 105666