From owner-freebsd-security@FreeBSD.ORG Tue Jun 3 20:03:58 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B55C22F8 for ; Tue, 3 Jun 2014 20:03:58 +0000 (UTC) Received: from awww.jeah.net (mail-first2.jeah.net [208.185.93.226]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 75F3524AC for ; Tue, 3 Jun 2014 20:03:57 +0000 (UTC) Received: from [0.0.0.0] (localhost.jeah.net [127.0.0.1]) by awww.jeah.net (8.14.6/8.14.6) with ESMTP id s53JdY6o002811 for ; Tue, 3 Jun 2014 14:39:35 -0500 (CDT) (envelope-from chris@jeah.co) Message-ID: <538E2472.5070809@jeah.co> Date: Tue, 03 Jun 2014 14:39:30 -0500 From: Chris User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0 MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:11.sendmail References: <201406031934.s53JYAn9015020@freefall.freebsd.org> In-Reply-To: <201406031934.s53JYAn9015020@freefall.freebsd.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-7.4 required=4.0 tests=ALL_TRUSTED,BAYES_00, KHOP_PGP_INLINE,KHOP_THREADED autolearn=ham version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on awww.jeah.net X-Mailman-Approved-At: Tue, 03 Jun 2014 20:20:04 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jun 2014 20:03:58 -0000 http://security.FreeBSD.org/patches/SA-14:11/sendmail.patch does not exist. Chris On 6/3/2014 2:34 PM, FreeBSD Security Advisories wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > ============================================================================= > FreeBSD-SA-14:11.sendmail Security Advisory > The FreeBSD Project > > Topic: sendmail improper close-on-exec flag handling > > Category: contrib > Module: sendmail > Announced: 2014-06-03 > Affects: All supported versions of FreeBSD. > Corrected: 2014-05-26 15:35:11 UTC (stable/10, 10.0-STABLE) > 2014-06-03 19:02:52 UTC (releng/10.0, 10.0-RELEASE-p4) > 2014-05-26 20:10:00 UTC (stable/9, 9.3-PRERELEASE) > 2014-06-03 19:03:11 UTC (releng/9.2, 9.2-RELEASE-p7) > 2014-06-03 19:03:11 UTC (releng/9.1, 9.1-RELEASE-p14) > 2014-05-26 15:30:27 UTC (stable/8, 8.4-STABLE) > 2014-06-03 19:03:23 UTC (releng/8.4, 8.4-RELEASE-p11) > > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit . > > I. Background > > FreeBSD includes sendmail(8), a general purpose internetwork mail > routing facility, as the default Mail Transfer Agent (MTA). > > FreeBSD uses file descriptor as an abstract indicator for accessing a file. > Upon execve(2), file descriptors open in the calling process image remain > open in the new process image, except for those for which the close-on-exec > flag is set. > > II. Problem Description > > There is a programming error in sendmail(8) that prevented open file > descriptors have close-on-exec properly set. Consequently a subprocess > will be able to access all open files that the parent process have open. > > III. Impact > > A local user who can execute their own program for mail delivery will be > able to interfere with an open SMTP connection. > > IV. Workaround > > Do not allow untrusted users to specify programs for mail delivery, for > instance, procmail. > > Systems that do not use sendmail(8) MTA are not affected. > > V. Solution > > Perform one of the following: > > 1) Upgrade your vulnerable system to a supported FreeBSD stable or > release / security branch (releng) dated after the correction date. > > 2) To update your vulnerable system via a source code patch: > > The following patches have been verified to apply to the applicable > FreeBSD release branches. > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. > > # fetch http://security.FreeBSD.org/patches/SA-14:11/sendmail.patch > # fetch http://security.FreeBSD.org/patches/SA-14:11/sendmail.patch.asc > # gpg --verify sendmail.patch.asc > > b) Apply the patch. Execute the following commands as root: > > # cd /usr/src > # patch < /path/to/patch > > c) Recompile the operating system using buildworld and installworld as > described in . > > Restart the applicable daemons, or reboot the system. > > 3) To update your vulnerable system via a binary patch: > > Systems running a RELEASE version of FreeBSD on the i386 or amd64 > platforms can be updated via the freebsd-update(8) utility: > > # freebsd-update fetch > # freebsd-update install > > VI. Correction details > > The following list contains the correction revision numbers for each > affected branch. > > Branch/path Revision > - ------------------------------------------------------------------------- > stable/8/ r266693 > releng/8.4/ r267019 > stable/9/ r266711 > releng/9.1/ r267018 > releng/9.2/ r267018 > stable/10/ r266692 > releng/10.0/ r267017 > - ------------------------------------------------------------------------- > > To see which files were modified by a particular revision, run the > following command, replacing NNNNNN with the revision number, on a > machine with Subversion installed: > > # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base > > Or visit the following URL, replacing NNNNNN with the revision number: > > > > VII. References > > The latest revision of this advisory is available at > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.22 (FreeBSD) > > iQIcBAEBCgAGBQJTjiDaAAoJEO1n7NZdz2rnMxgP/0N9dTCKztkx92+Er1riKEns > k0dfQswsTn2BwKzqIwiuzYcC9YFuBbU/ydfhIy3CGHJoZXd98sl0IZkWok7N7gYb > N46aSyMypHh5RtoxtRm7aLhmKSBXiXhygwoeV8HW5fBhgZG544BQ+zs3wDWL/Y4J > sfTEV4C254hm8+loCjtg+WIoFDtaYFWTWCUm1Yhxb1puN5scCNNgbvqvmhmrCLtb > n/AoWUvqQi8B7tu2YafbG+BE8qaLC+tGpqC4mF3NxtNUX++4HMC6ZhbcOaa2PKrk > kepReV/zdc3DaZ0e0KsiwFBiWMe9NW0RjHaZeDe3wzbX9fer2WjoOszLw7xLo/8s > GPZwI+fPRysKGRXeW+0Bp3itbHYAFUhS5PttZQcGqzFKIRNLdVcAIMsj/+j32/LM > vVw3e1NpsIhpxqIorxJEwuBxr4SWzCY26TbJVG+jWqEzhaRgjgpW+TZ2bhW3EDKm > CNnngufJzh54/rEKolWxntyiw442JRpcPvumiUiH9WmRHipkCrMttQGA9TfjUy0u > diQFs/nWNa9YeUkF1jB7eMFoJubg5d/7/gDFPbHMvgjP7kN75k1TmeyzrBVUuplH > ek+XMzxkWYPStw1QHub94VpKhVm7fjvLrq2+2bfdQnM7bRbgwdA66jSwqVQ569Hr > oOFXJjVfz279BMqszAsw > =JUzV > -----END PGP SIGNATURE----- > _______________________________________________ > freebsd-security-notifications@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security-notifications > To unsubscribe, send any mail to "freebsd-security-notifications-unsubscribe@freebsd.org"