From: Oscar Ricardo Silva
To: freebsd-questions@freebsd.org
Date: Mon, 03 Mar 2003 15:56:40 -0600
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:04.sendmail
In-Reply-To: <200303031711.h23HBbVf059406@freefall.freebsd.org>
Message-Id: <5.1.0.14.2.20030303155440.01a87a80@scuff.cc.utexas.edu>
X-Mailer: QUALCOMM Windows Eudora Version 5.1

Anybody know how we should approach this for older versions of FreeBSD? Is upgrading source and rebuilding the only way? I was wondering if there were binary versions or patches for older versions so we don't have to upgrade, rebuild and reboot.
At 09:11 AM 3/3/2003 -0800, FreeBSD Security Advisories, you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>=============================================================================
>FreeBSD-SA-03:04.sendmail                                   Security Advisory
>                                                          The FreeBSD Project
>
>Topic:          sendmail header parsing buffer overflow
>
>Category:       contrib
>Module:         contrib_sendmail
>Announced:      2003-03-03
>Credits:        Mark Dowd (ISS)
>Affects:        All releases prior to 4.8-RELEASE and 5.0-RELEASE-p4
>                FreeBSD 4-STABLE prior to the correction date
>Corrected:      2003-03-03
>FreeBSD only:   NO
>
>I.   Background
>
>FreeBSD includes sendmail(8), a general purpose internetwork mail
>routing facility, as the default Mail Transfer Agent (MTA).
>
>II.  Problem Description
>
>ISS has identified a buffer overflow that may occur during header
>parsing in all versions of sendmail after version 5.79.
>
>In addition, Sendmail, Inc. has identified and corrected a defect in
>buffer handling within sendmail's RFC 1413 ident protocol support.
>
>III. Impact
>
>A remote attacker could create a specially crafted message that may
>cause sendmail to execute arbitrary code with the privileges of the
>user running sendmail, typically root.  The malicious message might be
>handled (and therefore the vulnerability triggered) by the initial
>sendmail MTA, any relaying sendmail MTA, or by the delivering sendmail
>process.  Exploiting this defect is particularly difficult, but is
>believed to be possible.
>
>The defect in the ident routines is not believed to be exploitable.
>
>IV.  Workaround
>
>There is no workaround, other than disabling sendmail.
>
>V.   Solution
>
>Do one of the following:
>
>1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_5_0,
>RELENG_4_7, or RELENG_4_6 security branch dated after the correction
>date (5.0-RELEASE-p4, 4.7-RELEASE-p7, or 4.6.2-RELEASE-p10,
>respectively).
>
>[NOTE: At the time of this writing, the FreeBSD 4-STABLE branch is
>       labeled `4.8-RC1'.]
>
>2) To patch your present system:
>
>The following patch has been verified to apply to FreeBSD 5.0, 4.7,
>and 4.6 systems.
>
>a) Download the relevant patch from the location below, and verify the
>detached PGP signature using your PGP utility.
>
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail.patch
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail.patch.asc
>
>b) Execute the following commands as root:
>
># cd /usr/src
># patch < /path/to/patch
># cd /usr/src/lib/libsm
># make obj && make depend && make
># cd /usr/src/lib/libsmutil
># make obj && make depend && make
># cd /usr/src/usr.sbin/sendmail
># make obj && make depend && make && make install
>
>3) For i386 systems only, a patched sendmail binary is available.
>Select the correct binary based on your FreeBSD version and whether or
>not you want STARTTLS support.  If you want STARTTLS support, you must
>have the crypto distribution installed.
>
>a) Download the relevant binary from the location below, and verify
>the detached PGP signature using your PGP utility.
>
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.6-i386-crypto.bin.gz
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.6-i386-crypto.bin.gz.asc
>
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.6-i386-nocrypto.bin.gz
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.6-i386-nocrypto.bin.gz.asc
>
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.7-i386-crypto.bin.gz
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.7-i386-crypto.bin.gz.asc
>
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.7-i386-nocrypto.bin.gz
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.7-i386-nocrypto.bin.gz.asc
>
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-5.0-i386-crypto.bin.gz
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-5.0-i386-crypto.bin.gz.asc
>
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-5.0-i386-nocrypto.bin.gz
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-5.0-i386-nocrypto.bin.gz.asc
>
>b) Install the binary.  Execute the following commands as root.
>Note that these examples utilize the FreeBSD 4.7 crypto binary.
>Substitute BINARYGZ with the file name which you downloaded in
>step (a).
>
># BINARYGZ=/path/to/sendmail-4.7-i386-crypto.bin.gz
># gunzip ${BINARYGZ}
># install -s -o root -g smmsp -m 2555 ${BINARYGZ%.gz} \
>    /usr/libexec/sendmail/sendmail
>
>c) Restart sendmail.  Execute the following command as root.
>
># /bin/sh /etc/rc.sendmail restart
>
>VI.  Correction details
>
>The following list contains the revision numbers of each file that was
>corrected in FreeBSD.
>
>Path                                                             Revision
>                                                                   Branch
>- -------------------------------------------------------------------------
>src/contrib/src/sendmail.h
>src/contrib/sendmail/src/daemon.c
>src/contrib/sendmail/src/headers.c
>src/contrib/sendmail/src/main.c
>src/contrib/sendmail/src/parseaddr.c
>- -------------------------------------------------------------------------
>
>VII. References
>
>
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.2.1 (FreeBSD)
>
>iD8DBQE+Y4sVFdaIBMps37IRAudhAJ9eOnD1h6UOANKPpD4OW7lTk3tjnwCfV4sW
>1KK2fkVaPFNIDC7VEPh+Aew=
>=lWwz
>-----END PGP SIGNATURE-----
>
>This is the moderated mailing list freebsd-announce.
>The list contains announcements of new FreeBSD capabilities,
>important events and project milestones.
>See also the FreeBSD Web pages at http://www.freebsd.org
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-announce" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
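The poster's question is which installed releases still need action. The advisory answers it in terms of release strings: every release before 4.8-RELEASE and 5.0-RELEASE-p4 is affected, and the corrected security branches are 5.0-RELEASE-p4, 4.7-RELEASE-p7 and 4.6.2-RELEASE-p10. As an added example (not part of the advisory or of any FreeBSD project tooling), the POSIX sh function below classifies a release string of the form `uname -r` prints against exactly those values. The function name, the output words and the sample inputs are my own constructions.

```shell
#!/bin/sh
# Added example, not part of the advisory or of the FreeBSD project's tooling.
# Classify a FreeBSD release string (the form `uname -r` prints, e.g.
# "4.7-RELEASE-p6") against the corrected versions named in
# FreeBSD-SA-03:04.sendmail.  Prints one word and returns:
#   patched    (0) - at or past the corrected patch level, or 4.8-RELEASE and later
#   vulnerable (1) - a release the advisory lists as affected
#   unknown    (2) - a -STABLE/-RC snapshot, which the advisory ties to the
#                    correction date rather than to a patch level
# Caveat: the source patch (step 2) and the i386 binary (step 3) do not change
# the release string, so "vulnerable" here only means "not on a corrected
# security branch"; a system patched that way still reports its old string.

sa0304_status() {
    rel="$1"
    base="${rel%%-*}"                        # "4.7", "4.6.2", "5.0"
    case "$rel" in
        *-*) suffix="${rel#*-}" ;;           # "RELEASE-p6", "STABLE", "RC1"
        *)   suffix="" ;;
    esac
    kind="${suffix%%-*}"                     # "RELEASE", "STABLE", "RC1", ...
    major="${base%%.*}"
    case "$base" in
        *.*) minor="${base#*.}"; minor="${minor%%.*}" ;;
        *)   minor=0 ;;
    esac
    plevel=0
    case "$suffix" in
        *-p[0-9]*) plevel="${suffix##*-p}" ;;   # "-p6" -> 6
    esac

    # Reject anything that is not numeric where a number is expected.
    case "$major$minor$plevel" in
        ''|*[!0-9]*) echo unknown; return 2 ;;
    esac
    if [ "$kind" != "RELEASE" ]; then
        echo unknown; return 2
    fi

    # The three security branches the advisory corrects, with the first
    # corrected patch level of each.
    need=""
    case "$base" in
        5.0)   need=4 ;;
        4.7)   need=7 ;;
        4.6.2) need=10 ;;
    esac
    if [ -n "$need" ] && [ "$plevel" -ge "$need" ]; then
        echo patched; return 0
    fi

    # "All releases prior to 4.8-RELEASE and 5.0-RELEASE-p4" are affected,
    # so 4.8 and later, and 5.x above 5.0, are past the fix.
    if [ "$major" -gt 5 ] \
       || { [ "$major" -eq 5 ] && [ "$minor" -gt 0 ]; } \
       || { [ "$major" -eq 4 ] && [ "$minor" -ge 8 ]; }; then
        echo patched; return 0
    fi
    echo vulnerable; return 1
}

# Stand-alone use on the machine being checked:  sh sa0304_check.sh "$(uname -r)"
[ -z "${1:-}" ] || sa0304_status "$1"
```

Treat the result as triage, not proof: a box that was patched from source or given the i386 binary keeps its old release string, and a `-STABLE` or `4.8-RC1` snapshot can only be judged by whether it was built after the 2003-03-03 correction date, which the string does not carry.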