枫林在线论坛精华区>>信息安全

[101527] 主题： FreeBSD Security Advisory FreeBSD-SA-03:13.sendmail

	作者： guaiguai520. (guaiguai520.)
	标题： FreeBSD Security Advisory FreeBSD-SA-03:13.sendmail[转载]
	来自： 202.112.*.*
	发贴时间： 2003年09月18日 09:17:47
	长度： 7653字
	发信人：guaiguai520@smth.org (乖乖)，信区：cn.bbs.comp.security 标  题：FreeBSD Security Advisory FreeBSD-SA-03:13.sendmail 发信站：BBS 水木清华站 转信站：LeafOK!news.zixia.net!maily.cic.tsinghua.edu.cn!SMTH ----- Original Message -----  From: "FreeBSD Security Advisories" <security-advis ories@freebsd.org> To: "Bugtraq" <bugtraq@securityfocus.com> Sent: Thursday, September 18, 2003 6:38 AM Subject: FreeBSD Security Advisory FreeBSD-SA-03:13.sendmail -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ================================================================ ========= ==== FreeBSD-SA-03:13.sendmail                                   Secu rity Advisory                                                           The Fr eeBSD Project Topic:          a third sendmail header parsing buffer overflow Category:       contrib Module:         contrib_sendmail Announced:      2003-09-17 Credits:        Michal Zalewski <lcamtuf@dione.ids.pl>                 Todd C. Miller <Todd.Miller@courtesan.com> Affects:        All releases of FreeBSD                 FreeBSD 4-STABLE prior to the correction date Corrected:      2003-09-17 15:18:20 UTC (RELENG_4, 4.9-PRERELEAS E)                 2003-09-17 20:19:00 UTC (RELENG_5_1, 5.1-RELEASE -p5)                 2003-09-17 20:19:22 UTC (RELENG_5_0, 5.0-RELEASE -p14)                 2003-09-17 20:19:52 UTC (RELENG_4_8, 4.8-RELEASE -p7)                 2003-09-17 20:20:08 UTC (RELENG_4_7, 4.7-RELEASE -p17)                 2003-09-17 20:20:31 UTC (RELENG_4_6, 4.6-RELEASE -p20)                 2003-09-17 20:20:54 UTC (RELENG_4_5, 4.5-RELEASE -p32)                 2003-09-17 20:21:15 UTC (RELENG_4_4, 4.4-RELEASE -p42)                 2003-09-17 20:21:40 UTC (RELENG_4_3, 4.3-RELEASE -p38)                 2003-09-17 20:22:03 UTC (RELENG_3) FreeBSD only:   NO I.   Background FreeBSD includes sendmail(8), a general purpose internetwork mai l routing facility, as the default Mail Transfer Agent (MTA). II.  Problem Description A buffer overflow that may occur during header parsing was ident ified. NOTE WELL:  This issue is distinct from the issue described in `FreeBSD-SA-03:04.sendmail' and `FreeBSD-SA-03:07.sendmail', alt hough the impact is very similar. III. Impact An attacker could create a specially crafted message that may ca use sendmail to execute arbitrary code with the privileges of the us er running sendmail, typically root.  The malicious message might b e handled (and the vulnerability triggered) by the initial sendmai l MTA, by any relaying sendmail MTA, or by the delivering sendmail proc ess. IV.  Workaround Disable sendmail by executing the following commands as root:   # sh /etc/rc.sendmail stop   # chmod 0 /usr/libexec/sendmail/sendmail Be sure that sendmail is not restarted when the system is restar ted by adding the following line to the end of /etc/rc.conf:   sendmail_enable="NO"   sendmail_submit_enable="NO"   sendmail_outbound_enable="NO" V.   Solution Do one of the following: 1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_ 5_1, RELENG_4_8, or RELENG_4_7 security branch dated after the correc tion date. 2) To patch your present system: The following patch has been verified to apply to FreeBSD 5.1, 4 .8, and 4.7 systems. a) Download the relevant patch from the location below, and veri fy the detached PGP signature using your PGP utility. ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:13/sendmail .patch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:13/sendmail .patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch # cd /usr/src/lib/libsm # make obj && make depend && make # cd /usr/src/lib/libsmutil # make obj && make depend && make # cd /usr/src/usr.sbin/sendmail # make obj && make depend && make && mak e install c) Restart sendmail.  Execute the following command as root. # /bin/sh /etc/rc.sendmail restart VI.  Correction details The following list contains the revision numbers of each file th at was corrected in FreeBSD. Branch                                                            Revision   Path - -------------------------------------------------------------- --------- -- RELENG_4   src/contrib/sendmail/src/parseaddr.c                       1.1 .1.2.6.14 RELENG_5_1   src/UPDATING                                                   1.251.2.6   src/contrib/sendmail/src/parseaddr.c                       1.1 .1.17.2.1   src/contrib/sendmail/src/version.c                         1.1 .1.19.2.1   src/sys/conf/newvers.sh                                         1.50.2.7 RELENG_5_0   src/UPDATING                                                 1 .229.2.20   src/contrib/sendmail/src/parseaddr.c                       1.1 .1.14.2.3   src/contrib/sendmail/src/version.c                         1.1 .1.16.2.2   src/sys/conf/newvers.sh                                        1.48.2.15 RELENG_4_8   src/UPDATING                                              1.73 .2.80.2.9   src/contrib/sendmail/src/parseaddr.c                   1.1.1.2 .6.12.2.2   src/contrib/sendmail/src/version.c                     1.1.1.3 .2.14.2.2   src/sys/conf/newvers.sh                                   1.44 .2.29.2.8 RELENG_4_7   src/UPDATING                                             1.73. 2.74.2.20   src/contrib/sendmail/src/parseaddr.c                   1.1.1.2 .6.10.2.3   src/contrib/sendmail/src/version.c                     1.1.1.3 .2.12.2.2   src/sys/conf/newvers.sh                                  1.44. 2.26.2.19 RELENG_4_6   src/UPDATING                                             1.73. 2.68.2.48   src/contrib/sendmail/src/parseaddr.c                    1.1.1. 2.6.8.2.3   src/contrib/sendmail/src/version.c                      1.1.1. 3.2.9.2.2   src/sys/conf/newvers.sh                                  1.44. 2.23.2.37 RELENG_4_5   src/UPDATING                                             1.73. 2.50.2.49   src/contrib/sendmail/src/parseaddr.c                    1.1.1. 2.6.6.4.3   src/contrib/sendmail/src/version.c                      1.1.1. 3.2.7.4.2   src/sys/conf/newvers.sh                                  1.44. 2.20.2.33 RELENG_4_4   src/UPDATING                                             1.73. 2.43.2.50   src/contrib/sendmail/src/parseaddr.c                    1.1.1. 2.6.6.2.3   src/contrib/sendmail/src/version.c                      1.1.1. 3.2.7.2.2   src/sys/conf/newvers.sh                                  1.44. 2.17.2.41 RELENG_4_3   src/UPDATING                                             1.73. 2.28.2.37   src/contrib/sendmail/src/parseaddr.c                    1.1.1. 2.6.4.2.3   src/contrib/sendmail/src/version.c                      1.1.1. 3.2.4.2.2   src/sys/conf/newvers.sh                                  1.44. 2.14.2.27 RELENG_3   src/contrib/sendmail/src/parseaddr.c                        1. 1.1.2.2.3   src/contrib/sendmail/src/version.c                          1. 1.1.2.2.3 - -------------------------------------------------------------- --------- -- VII. References <URL: http://lists.netsys.com/pipermail/full-disclosure/2003- September/010287 .html > <URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003- 0694 > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/aOHgFdaIBMps37IRAl09AKCVMKQCzC62EF7vZFnsZVoaGWpIMACfVGq0 0df1GogdqBVYUXzNBdHrwYA= =4xqj -----END PGP SIGNATURE----- -- 输了你我输了全部 ※ 来源:·BBS 水木清华站 smth.org·[FROM: 210.43.181.10]
	========== * * * * * ==========

返回