Date: Mon, 03 Mar 2003 15:56:40 -0600
From: Oscar Ricardo Silva <osilva@scuff.cc.utexas.edu>
To: freebsd-questions@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:04.sendmail
Message-ID: <5.1.0.14.2.20030303155440.01a87a80@scuff.cc.utexas.edu>
In-Reply-To: <200303031711.h23HBbVf059406@freefall.freebsd.org>
Anybody know how we should approach this for older versions of FreeBSD? Is
upgrading source and rebuilding the only way? I was wondering if there were
binary versions or patches for older versions so we don't have to upgrade,
rebuild and reboot.

At 09:11 AM 3/3/2003 -0800, FreeBSD Security Advisories, you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>=============================================================================
>FreeBSD-SA-03:04.sendmail                                   Security Advisory
>                                                          The FreeBSD Project
>
>Topic:          sendmail header parsing buffer overflow
>
>Category:       contrib
>Module:         contrib_sendmail
>Announced:      2003-03-03
>Credits:        Mark Dowd (ISS)
>Affects:        All releases prior to 4.8-RELEASE and 5.0-RELEASE-p4
>                FreeBSD 4-STABLE prior to the correction date
>Corrected:      2003-03-03
>FreeBSD only:   NO
>
>I.   Background
>
>FreeBSD includes sendmail(8), a general purpose internetwork mail
>routing facility, as the default Mail Transfer Agent (MTA).
>
>II.  Problem Description
>
>ISS has identified a buffer overflow that may occur during header
>parsing in all versions of sendmail after version 5.79.
>
>In addition, Sendmail, Inc. has identified and corrected a defect in
>buffer handling within sendmail's RFC 1413 ident protocol support.
>
>III. Impact
>
>A remote attacker could create a specially crafted message that may
>cause sendmail to execute arbitrary code with the privileges of the
>user running sendmail, typically root. The malicious message might be
>handled (and therefore the vulnerability triggered) by the initial
>sendmail MTA, any relaying sendmail MTA, or by the delivering sendmail
>process. Exploiting this defect is particularly difficult, but is
>believed to be possible.
>
>The defect in the ident routines is not believed to be exploitable.
>
>IV.  Workaround
>
>There is no workaround, other than disabling sendmail.
>
>V.   Solution
>
>Do one of the following:
>
>1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_5_0,
>RELENG_4_7, or RELENG_4_6 security branch dated after the correction
>date (5.0-RELEASE-p4, 4.7-RELEASE-p7, or 4.6.2-RELEASE-p10,
>respectively).
>
>[NOTE: At the time of this writing, the FreeBSD 4-STABLE branch is
> labeled `4.8-RC1'.]
>
>2) To patch your present system:
>
>The following patch has been verified to apply to FreeBSD 5.0, 4.7,
>and 4.6 systems.
>
>a) Download the relevant patch from the location below, and verify the
>detached PGP signature using your PGP utility.
>
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail.patch
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail.patch.asc
>
>b) Execute the following commands as root:
>
># cd /usr/src
># patch < /path/to/patch
># cd /usr/src/lib/libsm
># make obj && make depend && make
># cd /usr/src/lib/libsmutil
># make obj && make depend && make
># cd /usr/src/usr.sbin/sendmail
># make obj && make depend && make && make install
>
>3) For i386 systems only, a patched sendmail binary is available.
>Select the correct binary based on your FreeBSD version and whether or
>not you want STARTTLS support. If you want STARTTLS support, you must
>have the crypto distribution installed.
>
>a) Download the relevant binary from the location below, and verify
>the detached PGP signature using your PGP utility.
>
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.6-i386-crypto.bin.gz
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.6-i386-crypto.bin.gz.asc
>
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.6-i386-nocrypto.bin.gz
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.6-i386-nocrypto.bin.gz.asc
>
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.7-i386-crypto.bin.gz
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.7-i386-crypto.bin.gz.asc
>
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.7-i386-nocrypto.bin.gz
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.7-i386-nocrypto.bin.gz.asc
>
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-5.0-i386-crypto.bin.gz
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-5.0-i386-crypto.bin.gz.asc
>
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-5.0-i386-nocrypto.bin.gz
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-5.0-i386-nocrypto.bin.gz.asc
>
>b) Install the binary. Execute the following commands as root.
>Note that these examples utilize the FreeBSD 4.7 crypto binary.
>Substitute BINARYGZ with the file name which you downloaded in
>step (a).
>
># BINARYGZ=/path/to/sendmail-4.7-i386-crypto.bin.gz
># gunzip ${BINARYGZ}
># install -s -o root -g smmsp -m 2555 ${BINARYGZ%.gz} \
>    /usr/libexec/sendmail/sendmail
>
>c) Restart sendmail. Execute the following command as root.
>
># /bin/sh /etc/rc.sendmail restart
>
>VI.  Correction details
>
>The following list contains the revision numbers of each file that was
>corrected in FreeBSD.
>
>Path                                                             Revision
>                                                                   Branch
>- -------------------------------------------------------------------------
>src/contrib/src/sendmail.h
>src/contrib/sendmail/src/daemon.c
>src/contrib/sendmail/src/headers.c
>src/contrib/sendmail/src/main.c
>src/contrib/sendmail/src/parseaddr.c
>- -------------------------------------------------------------------------
>
>VII. References
>
><URL: http://www.kb.cert.org/vuls/id/398025 >
><URL: http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950 >
><URL: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1337 >
>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.2.1 (FreeBSD)
>
>iD8DBQE+Y4sVFdaIBMps37IRAudhAJ9eOnD1h6UOANKPpD4OW7lTk3tjnwCfV4sW
>1KK2fkVaPFNIDC7VEPh+Aew=
>=lWwz
>-----END PGP SIGNATURE-----
>
>This is the moderated mailing list freebsd-announce.
>The list contains announcements of new FreeBSD capabilities,
>important events and project milestones.
>See also the FreeBSD Web pages at http://www.freebsd.org
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-announce" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
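The question in this message is really a fleet-triage problem: which hosts sit below the patch levels the advisory names. The following Python helper is an added example, not code from the advisory or from anyone in the thread; it classifies `uname -r` style version strings against 5.0-RELEASE-p4, 4.7-RELEASE-p7 and 4.6.2-RELEASE-p10, and goes slightly beyond the advisory by treating every -RELEASE from 4.8 onward as fixed. The host inventory it runs over is constructed.

```python
# Added example for FreeBSD-SA-03:04.sendmail, not code from the advisory.
# Classifies uname -r style strings against the patch levels the advisory
# names; 4.8-RELEASE and later releases ship the fix.
import re

# Minimum -pN level on each security branch named in the advisory.
PATCHED_LEVEL = {(5, 0): 4, (4, 7): 7, (4, 6, 2): 10}
FIRST_FIXED_RELEASE = (4, 8)

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)+)-([A-Z]+\d*)(?:-p(\d+))?$")

def parse_version(text):
    """Split '4.6.2-RELEASE-p10' into ((4, 6, 2), 'RELEASE', 10)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised FreeBSD version string: %r" % text)
    nums = tuple(int(x) for x in m.group(1).split("."))
    patch = int(m.group(3)) if m.group(3) else 0
    return nums, m.group(2), patch

def classify(text):
    """Return 'patched', 'vulnerable' or 'unknown' for one version string."""
    nums, kind, patch = parse_version(text)
    if kind != "RELEASE":
        # -STABLE/-CURRENT/-RC builds are fixed only if built after the
        # correction date; the version string cannot tell, so check uname -v.
        return "unknown"
    if nums in PATCHED_LEVEL:
        return "patched" if patch >= PATCHED_LEVEL[nums] else "vulnerable"
    # 4.8-RELEASE and anything newer shipped with the fix; older releases
    # with no security branch in the advisory (e.g. 4.5) need a source upgrade.
    return "patched" if nums >= FIRST_FIXED_RELEASE else "vulnerable"

def triage(inventory):
    """Group host names by status; inventory maps hostname -> uname -r."""
    groups = {"patched": [], "vulnerable": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        groups[classify(version)].append(host)
    return groups

# Constructed sample inventory, not real hosts.
SAMPLE_INVENTORY = {"mx1": "4.7-RELEASE-p6", "mx2": "4.7-RELEASE-p7",
                    "relay": "4.6.2-RELEASE-p10", "build": "4.8-RC1",
                    "dev": "5.0-RELEASE-p3", "legacy": "4.5-RELEASE-p21"}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print("%-11s %s" % (status + ":", ", ".join(hosts)))
```

Hosts reported as "unknown" are the 4-STABLE and RC builds the advisory covers by correction date rather than by patch level, so they need a look at the build date rather than the version string.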