From owner-freebsd-stable Mon Mar 3 12:43:12 2003 Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0C49E37B401 for ; Mon, 3 Mar 2003 12:43:11 -0800 (PST) Received: from matrix.42.org (matrix.42.org [194.246.250.200]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9956D43F93 for ; Mon, 3 Mar 2003 12:43:09 -0800 (PST) (envelope-from sec@42.org) Received: (from sec@localhost) by matrix.42.org (8.8.8/8.8.5) id VAA12258 for freebsd-stable@freebsd.org (sender ); Mon, 3 Mar 2003 21:43:07 +0100 (CET) Date: Mon, 3 Mar 2003 21:43:06 +0100 From: Stefan `Sec` Zehl To: freebsd-stable@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:04.sendmail Message-ID: <20030303204306.GA12159@matrix.42.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.27i I-love-doing-this: really X-Modeline: vim:set ts=8 sw=4 smarttab tw=72 si noic notitle: Accept-Languages: de, en X-URL: http://sec.42.org/ Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG At 09:11 AM 03/03/2003 -0800, FreeBSD Security Advisories wrote: >Module: contrib_sendmail >Announced: 2003-03-03 >Credits: Mark Dowd (ISS) >Affects: All releases prior to 4.8-RELEASE and 5.0-RELEASE-p4 > FreeBSD 4-STABLE prior to the correction date >Corrected: 2003-03-03 >1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_5_0, I still have a FreeBSD-2.8 (-STABLE) system running which includes sendmail-8.8.8. As the patches on sendmail.org only apply to sendmail-8.9 - sendmail-8.12, i ported the patch. Perhaps someone else needs this patch, so I've put it up for ftp at ftp://ftp.42.org/sendmail.8.8.8.patch As I don't have an example E-Mail to test, I can not _guarantee_ that this fixes it. But given the fact that I only had to change two lines (which both were function declarations) from the official supported patch, I'm sure that this patch fixes the problem. CU, Sec -- ``oh no! the gronkulator is broken!'' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message