[FUGSPBR] for those who use sendmail

andre andreq at infolink.com.br
Tue Mar 4 20:27:11 BRT 2003


It seems FreeBSD is not very vulnerable, but on Linux there is already even an exploit.
----- Original Message -----
From: "FreeBSD Security Advisories" <security-advisories at freebsd.org>
To: "Bugtraq" <bugtraq at securityfocus.com>
Sent: Monday, March 03, 2003 2:11 PM
Subject: FreeBSD Security Advisory FreeBSD-SA-03:04.sendmail


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> =============================================================================
> FreeBSD-SA-03:04.sendmail                                   Security Advisory
>                                                           The FreeBSD Project
>
> Topic:          sendmail header parsing buffer overflow
>
> Category:       contrib
> Module:         contrib_sendmail
> Announced:      2003-03-03
> Credits:        Mark Dowd (ISS)
> Affects:        All releases prior to 4.8-RELEASE and 5.0-RELEASE-p4
>                 FreeBSD 4-STABLE prior to the correction date
> Corrected:      2003-03-03
> FreeBSD only:   NO
>
> I.   Background
>
> FreeBSD includes sendmail(8), a general purpose internetwork mail
> routing facility, as the default Mail Transfer Agent (MTA).
>
> II.  Problem Description
>
> ISS has identified a buffer overflow that may occur during header
> parsing in all versions of sendmail after version 5.79.
>
> In addition, Sendmail, Inc. has identified and corrected a defect in
> buffer handling within sendmail's RFC 1413 ident protocol support.
>
> III. Impact
>
> A remote attacker could create a specially crafted message that may
> cause sendmail to execute arbitrary code with the privileges of the
> user running sendmail, typically root.  The malicious message might be
> handled (and therefore the vulnerability triggered) by the initial
> sendmail MTA, any relaying sendmail MTA, or by the delivering sendmail
> process.  Exploiting this defect is particularly difficult, but is
> believed to be possible.
>
> The defect in the ident routines is not believed to be exploitable.
>
> IV.  Workaround
>
> There is no workaround, other than disabling sendmail.
>
> V.   Solution
>
> Do one of the following:
>
> 1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_5_0,
> RELENG_4_7, or RELENG_4_6 security branch dated after the correction
> date (5.0-RELEASE-p4, 4.7-RELEASE-p7, or 4.6.2-RELEASE-p10,
> respectively).
>
> [NOTE: At the time of this writing, the FreeBSD 4-STABLE branch is
>  labeled `4.8-RC1'.]
>
> 2) To patch your present system:
>
> The following patch has been verified to apply to FreeBSD 5.0, 4.7,
> and 4.6 systems.
>
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
>
> ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail.patch
> ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail.patch.asc
>
> b) Execute the following commands as root:
>
> # cd /usr/src
> # patch < /path/to/patch
> # cd /usr/src/lib/libsm
> # make obj && make depend && make
> # cd /usr/src/lib/libsmutil
> # make obj && make depend && make
> # cd /usr/src/usr.sbin/sendmail
> # make obj && make depend && make && make install
>
> 3) For i386 systems only, a patched sendmail binary is available.
> Select the correct binary based on your FreeBSD version and whether or
> not you want STARTTLS support.  If you want STARTTLS support, you must
> have the crypto distribution installed.
>
> a) Download the relevant binary from the location below, and verify
> the detached PGP signature using your PGP utility.
>
> ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.6-i386-crypto.bin.gz
> ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.6-i386-crypto.bin.gz.asc
>
> ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.6-i386-nocrypto.bin.gz
> ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.6-i386-nocrypto.bin.gz.asc
>
> ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.7-i386-crypto.bin.gz
> ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.7-i386-crypto.bin.gz.asc
>
> ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.7-i386-nocrypto.bin.gz
> ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.7-i386-nocrypto.bin.gz.asc
>
> ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-5.0-i386-crypto.bin.gz
> ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-5.0-i386-crypto.bin.gz.asc
>
> ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-5.0-i386-nocrypto.bin.gz
> ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-5.0-i386-nocrypto.bin.gz.asc
>
> b) Install the binary.  Execute the following commands as root.
> Note that these examples utilize the FreeBSD 4.7 crypto binary.
> Substitute BINARYGZ with the file name which you downloaded in
> step (a).
>
> # BINARYGZ=/path/to/sendmail-4.7-i386-crypto.bin.gz
> # gunzip ${BINARYGZ}
> # install -s -o root -g smmsp -m 2555 ${BINARYGZ%.gz} /usr/libexec/sendmail/sendmail
>
> c) Restart sendmail.  Execute the following command as root.
>
> # /bin/sh /etc/rc.sendmail restart
>
> VI.  Correction details
>
> The following list contains the revision numbers of each file that was
> corrected in FreeBSD.
>
> Path                                                             Revision
>   Branch
> - -------------------------------------------------------------------------
> src/contrib/src/sendmail.h
> src/contrib/sendmail/src/daemon.c
> src/contrib/sendmail/src/headers.c
> src/contrib/sendmail/src/main.c
> src/contrib/sendmail/src/parseaddr.c
> - -------------------------------------------------------------------------
>
> VII. References
>
> <URL: http://www.kb.cert.org/vuls/id/398025 >
> <URL: http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950 >
> <URL: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1337 >
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (FreeBSD)
>
> iD8DBQE+Y4sVFdaIBMps37IRAudhAJ9eOnD1h6UOANKPpD4OW7lTk3tjnwCfV4sW
> 1KK2fkVaPFNIDC7VEPh+Aew=
> =lWwz
> -----END PGP SIGNATURE-----
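
A triage helper for the corrected levels listed in section V of the advisory, added here as an example (it is not part of the advisory or of the original post): it classifies a release string such as `uname -r` prints. The function name `sa0304_status` and its output words are this example's own, and the sample strings at the end are constructed.

```shell
#!/bin/sh
# Added example: classify a FreeBSD release string against the corrected
# levels in FreeBSD-SA-03:04.sendmail (5.0-RELEASE-p4, 4.7-RELEASE-p7,
# 4.6.2-RELEASE-p10; releases prior to 4.8-RELEASE are affected).
sa0304_status() {
    rel=$1
    case $rel in
        *-STABLE*|*-CURRENT*|*-RC*|*-BETA*)
            # Branch builds: the fix is tied to the correction date
            # (2003-03-03), which the release string does not carry.
            echo "check-build-date"; return 0 ;;
        *-RELEASE-p*) plevel=${rel##*-p} ;;
        *-RELEASE)    plevel=0 ;;
        *)            echo "unknown"; return 0 ;;
    esac
    ver=${rel%%-*}                      # e.g. 4.6.2
    case $ver in *.*) ;; *) echo "unknown"; return 0 ;; esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    # Only plain digits may reach the numeric comparisons below.
    for n in "$major" "$minor" "$plevel"; do
        case $n in ''|*[!0-9]*) echo "unknown"; return 0 ;; esac
    done
    case $ver in
        5.0)   need=4 ;;
        4.7)   need=7 ;;
        4.6.2) need=10 ;;
        *)
            # No corrected patch level is listed for other releases:
            # 4.8 and later, or 5.1 and later, postdate the fix; the rest
            # are treated as vulnerable.
            if [ "$major" -gt 5 ] ||
               { [ "$major" -eq 5 ] && [ "$minor" -ge 1 ]; } ||
               { [ "$major" -eq 4 ] && [ "$minor" -ge 8 ]; }; then
                echo "patched"
            else
                echo "vulnerable"
            fi
            return 0 ;;
    esac
    if [ "$plevel" -ge "$need" ]; then echo "patched"; else echo "vulnerable"; fi
}

# Constructed sample inputs; on a live host pass "$(uname -r)" instead.
for r in 4.7-RELEASE-p3 4.7-RELEASE-p7 5.0-RELEASE 4.6.2-RELEASE-p10 4.8-RC1; do
    printf '%-20s %s\n' "$r" "$(sa0304_status "$r")"
done
```

The release string reflects the installed branch level only; a host fixed through option 2 (source patch) or option 3 (replacement binary) keeps its old string and has to be checked by other means.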
