Date: Wed, 17 Sep 2003 12:36:46 -0500 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: Marco Trentini <mark@remotelab.org> Cc: freebsd-stable@freebsd.org Subject: Re: Sendmail vulnerability Message-ID: <20030917173646.GA5654@madman.celabo.org> In-Reply-To: <3F6897D8.5050503@remotelab.org> References: <3F688BD4.2030305@remotelab.org> <3F6897D8.5050503@remotelab.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Sep 17, 2003 at 07:20:24PM +0200, Marco Trentini wrote: > >-------- Original Message -------- > >Subject: Sendmail vulnerability > >Date: Wed, 17 Sep 2003 11:21:18 -0500 > >From: Jacques A. Vidrine <nectar@freebsd.org> > >To: freebsd-security@freebsd.org > > > >You've probably already seen the latest sendmail vulnerability. > > > >http://lists.netsys.com/pipermail/full-disclosure/2003-September/010287.html > > > > > >I believe you can apply the following patch to any of the security > >branches: > > > >http://cvsweb.freebsd.org/src/contrib/sendmail/src/parseaddr.c.diff?r1=1.1.1.17&r2=1.1.1.18 > > > > > >Download the patch and: > > > > # cd /usr/src > > # patch -p1 < /path/to/patch > > # cd /usr/src/usr.sbin/sendmail > > # make obj && make depend && make && make install > > > > > >Official advisory will go out later today. > > I've tried to make that but I get this error (on a stable with today > sources): Sorry, I left out some steps that are in the draft advisory and are important if you don't already have a populated /usr/obj from a previous buildworld. # cd /usr/src # patch < /path/to/patch # cd /usr/src/lib/libsm # make obj && make depend && make # cd /usr/src/lib/libsmutil # make obj && make depend && make # cd /usr/src/usr.sbin/sendmail # make obj && make depend && make && make install Cheers, -- Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030917173646.GA5654>