Date: Mon, 25 Aug 2003 15:44:09 -0500 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: freebsd-security@FreeBSD.org Subject: NOTE regarding sendmail DNS map issue Message-ID: <20030825204409.GA35646@madman.celabo.org>
next in thread | raw e-mail | index | archive | help
You may or may not have already seen: <URL: http://www.sendmail.org/dnsmap1.html>; I thought I'd drop an explanatory note here until I publish an advisory. This problem has been known for some time (it was first reported in FreeBSD PR#54367). The default configuration of sendmail is unaffected, and it is unknown whether the issue is truly exploitable by any means. Nonetheless, I requested that sendmail.org publish a notice so that we (FreeBSD) could also publish an advisory and merge the fix into our security branches ``just in case''. Since they have now announced the issue, we'll take care of the advisory this week. The fix is already in Sendmail 8.12.9 and so is already in 5.1-RELEASE and later as well as 4.8-STABLE (but not 4.8-RELEASE). Also, I believe the error was introduced in Sendmail 8.12.2, and so it is not present in FreeBSD releases before 4.5-RELEASE. Cheers, -- Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030825204409.GA35646>