FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail
Mike Tancsa
mike at sentex.net
Wed Mar 22 18:42:39 UTC 2006
Hi,
The patches apply cleanly on RELENG_4, but sendmail does not
compile properly using
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail411.patch
# cd /usr/src/usr.sbin/sendmail
# make obj && make depend && make && make install
rm -f .depend
mkdep -f .depend
-a -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src
-I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I.
-DNEWDB -DNIS -DMILTER -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6
-DSTARTTLS -D_FFR_TLS_1
-D_FFR_DEAL_WITH_ERROR_SSL
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/alias.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/arpadate.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/bf.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/collect.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/conf.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/control.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/convtime.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/daemon.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/deliver.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/domain.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/envelope.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/err.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/headers.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/macro.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/main.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/map.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/mci.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/milter.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/mime.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/parseaddr.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/queue.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/ratectrl.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/readcf.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/recipient.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/savemail.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/sasl.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/sfsasl.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/shmticklib.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/sm_resolve.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/srvrsmtp.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/stab.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/stats.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/sysexits.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/timers.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/tls.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/trace.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/udb.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/usersmtp.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/util.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/version.c
echo sendmail: /usr/lib/libc.a /usr/lib/libutil.a /usr/lib/libwrap.a
/usr/obj/usr/src/usr.sbin/sendmail/../../lib/libsmutil/libsmutil.a
/usr/obj/usr/src/usr.sbin/sendmail/../../lib/libsm/libsm.a
/usr/lib/libssl.a /usr/lib/libcrypto.a >> .depend
cc -O -pipe -march=pentiumpro
-I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src
-I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I.
-DNEWDB -DNIS -DMILTER -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6
-DSTARTTLS -D_FFR_TLS_1 -D_FFR_DEAL_WITH_ERROR_SSL -c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/alias.c
cc -O -pipe -march=pentiumpro
-I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src
-I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I.
-DNEWDB -DNIS -DMILTER -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6
-DSTARTTLS -D_FFR_TLS_1 -D_FFR_DEAL_WITH_ERROR_SSL -c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/arpadate.c
cc -O -pipe -march=pentiumpro
-I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src
-I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I.
-DNEWDB -DNIS -DMILTER -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6
-DSTARTTLS -D_FFR_TLS_1 -D_FFR_DEAL_WITH_ERROR_SSL -c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/bf.c
cc -O -pipe -march=pentiumpro
-I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src
-I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I.
-DNEWDB -DNIS -DMILTER -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6
-DSTARTTLS -D_FFR_TLS_1 -D_FFR_DEAL_WITH_ERROR_SSL -c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/collect.c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/collect.c: In
function `collecttimeout':
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/collect.c:941:
`CollectProgress' undeclared (first use in this function)
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/collect.c:941:
(Each undeclared identifier is reported only once
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/collect.c:941:
for each function it appears in.)
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/collect.c:944:
`CollectTimeout' undeclared (first use in this function)
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/collect.c:958:
`CtxCollectTimeout' undeclared (first use in this function)
*** Error code 1
Stop in /usr/src/usr.sbin/sendmail.
This is on
4.11-STABLE FreeBSD 4.11-STABLE #0: Mon Feb 13 17:36:36 EST 2006
---Mike
At 11:11 AM 22/03/2006, FreeBSD Security Advisories wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>=============================================================================
>FreeBSD-SA-06:13.sendmail Security Advisory
> The FreeBSD Project
>
>Topic: Race condition in sendmail
>
>Category: contrib
>Module: contrib_sendmail
>Announced: 2006-03-22
>Affects: All FreeBSD releases.
>Corrected: 2006-03-22 16:01:08 UTC (RELENG_6, 6.1-STABLE)
> 2006-03-22 16:01:38 UTC (RELENG_6_0, 6.0-RELEASE-p6)
> 2006-03-22 16:01:56 UTC (RELENG_5, 5.5-STABLE)
> 2006-03-22 16:02:17 UTC (RELENG_5_4, 5.4-RELEASE-p13)
> 2006-03-22 16:02:35 UTC (RELENG_5_3, 5.3-RELEASE-p28)
> 2006-03-22 16:02:49 UTC (RELENG_4, 4.11-STABLE)
> 2006-03-22 16:03:05 UTC (RELENG_4_11, 4.11-RELEASE-p16)
> 2006-03-22 16:03:25 UTC (RELENG_4_10, 4.10-RELEASE-p22)
>CVE Name: CVE-2006-0058
>
>For general information regarding FreeBSD Security Advisories,
>including descriptions of the fields above, security branches, and the
>following sections, please visit
><URL:http://www.freebsd.org/security/>.
>
>NOTE: The issue discussed in this advisory was reported to the FreeBSD
>Security Team, and the patch which corrects it was supplied, by the
>Sendmail Consortium via CERT. Due to the limited information available
>concerning the nature of the vulnerability, the FreeBSD Security Team
>has not been able to evaluate the effectiveness of the fixes, nor the
>possibility of other workarounds.
>
>I. Background
>
>FreeBSD includes sendmail(8), a general purpose internetwork mail
>routing facility, as the default Mail Transfer Agent (MTA).
>
>II. Problem Description
>
>A race condition has been reported to exist in the handling by sendmail
>of asynchronous signals.
>
>III. Impact
>
>A remote attacker may be able to execute arbitrary code with the
>privileges of the user running sendmail, typically root.
>
>IV. Workaround
>
>There is no known workaround other than disabling sendmail.
>
>V. Solution
>
>Perform one of the following:
>
>1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE,
>or to the RELENG_6_0, RELENG_5_4, RELENG_5_3, RELENG_4_11, or
>RELENG_4_10 security branch dated after the correction date.
>
>2) To patch your present system:
>
>The following patches have been verified to apply to FreeBSD 4.10,
>4.11, 5.3, 5.4, and 6.0 systems.
>
>a) Download the relevant patch from the location below, and verify the
>detached PGP signature using your PGP utility.
>
>[FreeBSD 4.10]
># fetch
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail410.patch
># fetch
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail410.patch.asc
>
>[FreeBSD 4.11 and FreeBSD 5.3]
># fetch
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail411.patch
># fetch
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail411.patch.asc
>
>[FreeBSD 5.4, and FreeBSD 6.x]
># fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail.patch
># fetch
>ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail.patch.asc
>
>b) Execute the following commands as root:
>
># cd /usr/src
># patch < /path/to/patch
># cd /usr/src/lib/libsm
># make obj && make depend && make
># cd /usr/src/lib/libsmutil
># make obj && make depend && make
># cd /usr/src/usr.sbin/sendmail
># make obj && make depend && make && make install
>
>VI. Correction details
>
>The following list contains the revision numbers of each file that was
>corrected in FreeBSD.
>
>Branch Revision
> Path
>- -------------------------------------------------------------------------
>RELENG_4
> src/contrib/sendmail/libsm/fflush.c 1.1.1.1.2.1
> src/contrib/sendmail/libsm/local.h 1.1.1.1.2.6
> src/contrib/sendmail/libsm/refill.c 1.1.1.1.2.4
> src/contrib/sendmail/src/collect.c 1.1.1.4.2.17
> src/contrib/sendmail/src/conf.c 1.5.2.20
> src/contrib/sendmail/src/deliver.c 1.1.1.3.2.20
> src/contrib/sendmail/src/headers.c 1.4.2.16
> src/contrib/sendmail/src/mime.c 1.1.1.3.2.10
> src/contrib/sendmail/src/parseaddr.c 1.1.1.2.6.20
> src/contrib/sendmail/src/savemail.c 1.4.2.13
> src/contrib/sendmail/src/sendmail.h 1.1.1.4.2.22
> src/contrib/sendmail/src/sfsasl.c 1.1.1.1.2.16
> src/contrib/sendmail/src/sfsasl.h 1.1.1.1.2.3
> src/contrib/sendmail/src/srvrsmtp.c 1.1.1.2.6.20
> src/contrib/sendmail/src/usersmtp.c 1.1.1.3.2.17
> src/contrib/sendmail/src/util.c 1.1.1.3.2.15
>RELENG_4_11
> src/contrib/sendmail/libsm/fflush.c 1.1.1.1.2.1.12.1
> src/contrib/sendmail/libsm/local.h 1.1.1.1.2.5.2.1
> src/contrib/sendmail/libsm/refill.c 1.1.1.1.2.3.2.1
> src/contrib/sendmail/src/collect.c 1.1.1.4.2.14.2.1
> src/contrib/sendmail/src/conf.c 1.5.2.17.2.1
> src/contrib/sendmail/src/deliver.c 1.1.1.3.2.17.2.1
> src/contrib/sendmail/src/headers.c 1.4.2.14.2.1
> src/contrib/sendmail/src/mime.c 1.1.1.3.2.8.2.1
> src/contrib/sendmail/src/parseaddr.c 1.1.1.2.6.17.2.1
> src/contrib/sendmail/src/savemail.c 1.4.2.11.2.1
> src/contrib/sendmail/src/sendmail.h 1.1.1.4.2.19.2.1
> src/contrib/sendmail/src/sfsasl.c 1.1.1.1.2.14.2.1
> src/contrib/sendmail/src/sfsasl.h 1.1.1.1.2.2.12.1
> src/contrib/sendmail/src/srvrsmtp.c 1.1.1.2.6.17.2.1
> src/contrib/sendmail/src/usersmtp.c 1.1.1.3.2.14.2.1
> src/contrib/sendmail/src/util.c 1.1.1.3.2.13.2.1
> src/UPDATING 1.73.2.91.2.17
> src/sys/conf/newvers.sh 1.44.2.39.2.20
>RELENG_4_10
> src/contrib/sendmail/libsm/fflush.c 1.1.1.1.2.1.10.1
> src/contrib/sendmail/libsm/local.h 1.1.1.1.2.4.2.1
> src/contrib/sendmail/libsm/refill.c 1.1.1.1.2.2.6.1
> src/contrib/sendmail/src/collect.c 1.1.1.4.2.13.2.1
> src/contrib/sendmail/src/conf.c 1.5.2.16.2.1
> src/contrib/sendmail/src/deliver.c 1.1.1.3.2.16.2.1
> src/contrib/sendmail/src/headers.c 1.4.2.13.2.1
> src/contrib/sendmail/src/mime.c 1.1.1.3.2.7.2.1
> src/contrib/sendmail/src/parseaddr.c 1.1.1.2.6.16.2.1
> src/contrib/sendmail/src/savemail.c 1.4.2.10.6.1
> src/contrib/sendmail/src/sendmail.h 1.1.1.4.2.18.2.1
> src/contrib/sendmail/src/sfsasl.c 1.1.1.1.2.13.2.1
> src/contrib/sendmail/src/sfsasl.h 1.1.1.1.2.2.10.1
> src/contrib/sendmail/src/srvrsmtp.c 1.1.1.2.6.16.2.1
> src/contrib/sendmail/src/usersmtp.c 1.1.1.3.2.13.2.1
> src/contrib/sendmail/src/util.c 1.1.1.3.2.12.2.1
> src/UPDATING 1.73.2.90.2.23
> src/sys/conf/newvers.sh 1.33.2.34.2.24
>RELENG_5
> src/contrib/sendmail/libsm/fflush.c 1.1.1.3.8.1
> src/contrib/sendmail/libsm/local.h 1.1.1.7.2.1
> src/contrib/sendmail/libsm/refill.c 1.1.1.5.2.1
> src/contrib/sendmail/src/collect.c 1.1.1.19.2.3
> src/contrib/sendmail/src/conf.c 1.26.2.3
> src/contrib/sendmail/src/deliver.c 1.1.1.21.2.3
> src/contrib/sendmail/src/headers.c 1.20.2.2
> src/contrib/sendmail/src/mime.c 1.1.1.12.2.2
> src/contrib/sendmail/src/parseaddr.c 1.1.1.20.2.3
> src/contrib/sendmail/src/savemail.c 1.16.2.2
> src/contrib/sendmail/src/sendmail.h 1.1.1.23.2.3
> src/contrib/sendmail/src/sfsasl.c 1.1.1.14.2.2
> src/contrib/sendmail/src/sfsasl.h 1.1.1.4.8.1
> src/contrib/sendmail/src/srvrsmtp.c 1.1.1.20.2.3
> src/contrib/sendmail/src/usersmtp.c 1.1.1.18.2.3
> src/contrib/sendmail/src/util.c 1.1.1.17.2.2
>RELENG_5_4
> src/contrib/sendmail/libsm/fflush.c 1.1.1.3.12.1
> src/contrib/sendmail/libsm/local.h 1.1.1.7.6.1
> src/contrib/sendmail/libsm/refill.c 1.1.1.5.6.1
> src/contrib/sendmail/src/collect.c 1.1.1.19.2.1.2.1
> src/contrib/sendmail/src/conf.c 1.26.2.1.2.1
> src/contrib/sendmail/src/deliver.c 1.1.1.21.2.1.2.1
> src/contrib/sendmail/src/headers.c 1.20.2.1.2.1
> src/contrib/sendmail/src/mime.c 1.1.1.12.2.1.2.1
> src/contrib/sendmail/src/parseaddr.c 1.1.1.20.2.1.2.1
> src/contrib/sendmail/src/savemail.c 1.16.2.1.2.1
> src/contrib/sendmail/src/sendmail.h 1.1.1.23.2.1.2.1
> src/contrib/sendmail/src/sfsasl.c 1.1.1.14.2.1.2.1
> src/contrib/sendmail/src/sfsasl.h 1.1.1.4.12.1
> src/contrib/sendmail/src/srvrsmtp.c 1.1.1.20.2.1.2.1
> src/contrib/sendmail/src/usersmtp.c 1.1.1.18.2.1.2.1
> src/contrib/sendmail/src/util.c 1.1.1.17.2.1.2.1
> src/UPDATING 1.342.2.24.2.22
> src/sys/conf/newvers.sh 1.62.2.18.2.18
>RELENG_5_3
> src/contrib/sendmail/libsm/fflush.c 1.1.1.3.10.1
> src/contrib/sendmail/libsm/local.h 1.1.1.7.4.1
> src/contrib/sendmail/libsm/refill.c 1.1.1.5.4.1
> src/contrib/sendmail/src/collect.c 1.1.1.19.4.1
> src/contrib/sendmail/src/conf.c 1.26.4.1
> src/contrib/sendmail/src/deliver.c 1.1.1.21.4.1
> src/contrib/sendmail/src/headers.c 1.20.4.1
> src/contrib/sendmail/src/mime.c 1.1.1.12.4.1
> src/contrib/sendmail/src/parseaddr.c 1.1.1.20.4.1
> src/contrib/sendmail/src/savemail.c 1.16.4.1
> src/contrib/sendmail/src/sendmail.h 1.1.1.23.4.1
> src/contrib/sendmail/src/sfsasl.c 1.1.1.14.4.1
> src/contrib/sendmail/src/sfsasl.h 1.1.1.4.10.1
> src/contrib/sendmail/src/srvrsmtp.c 1.1.1.20.4.1
> src/contrib/sendmail/src/usersmtp.c 1.1.1.18.4.1
> src/contrib/sendmail/src/util.c 1.1.1.17.4.1
> src/UPDATING 1.342.2.13.2.31
> src/sys/conf/newvers.sh 1.62.2.15.2.33
>RELENG_6
> src/contrib/sendmail/libsm/fflush.c 1.1.1.3.14.1
> src/contrib/sendmail/libsm/local.h 1.1.1.7.8.1
> src/contrib/sendmail/libsm/refill.c 1.1.1.5.8.1
> src/contrib/sendmail/src/collect.c 1.1.1.21.2.1
> src/contrib/sendmail/src/conf.c 1.28.2.1
> src/contrib/sendmail/src/deliver.c 1.1.1.23.2.1
> src/contrib/sendmail/src/headers.c 1.21.2.1
> src/contrib/sendmail/src/mime.c 1.1.1.13.2.1
> src/contrib/sendmail/src/parseaddr.c 1.1.1.22.2.1
> src/contrib/sendmail/src/savemail.c 1.17.2.1
> src/contrib/sendmail/src/sendmail.h 1.1.1.26.2.1
> src/contrib/sendmail/src/sfsasl.c 1.1.1.15.2.1
> src/contrib/sendmail/src/sfsasl.h 1.1.1.4.14.1
> src/contrib/sendmail/src/srvrsmtp.c 1.1.1.22.2.1
> src/contrib/sendmail/src/usersmtp.c 1.1.1.21.2.1
> src/contrib/sendmail/src/util.c 1.1.1.18.2.1
>RELENG_6_0
> src/contrib/sendmail/libsm/fflush.c 1.1.1.3.16.1
> src/contrib/sendmail/libsm/local.h 1.1.1.7.10.1
> src/contrib/sendmail/libsm/refill.c 1.1.1.5.10.1
> src/contrib/sendmail/src/collect.c 1.1.1.21.4.1
> src/contrib/sendmail/src/conf.c 1.28.4.1
> src/contrib/sendmail/src/deliver.c 1.1.1.23.4.1
> src/contrib/sendmail/src/headers.c 1.21.4.1
> src/contrib/sendmail/src/mime.c 1.1.1.13.4.1
> src/contrib/sendmail/src/parseaddr.c 1.1.1.22.4.1
> src/contrib/sendmail/src/savemail.c 1.17.4.1
> src/contrib/sendmail/src/sendmail.h 1.1.1.26.4.1
> src/contrib/sendmail/src/sfsasl.c 1.1.1.15.4.1
> src/contrib/sendmail/src/sfsasl.h 1.1.1.4.16.1
> src/contrib/sendmail/src/srvrsmtp.c 1.1.1.22.4.1
> src/contrib/sendmail/src/usersmtp.c 1.1.1.21.4.1
> src/contrib/sendmail/src/util.c 1.1.1.18.4.1
> src/UPDATING 1.416.2.3.2.11
> src/sys/conf/newvers.sh 1.69.2.8.2.7
>- -------------------------------------------------------------------------
>
>VII. References
>
>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058
>
>The latest revision of this advisory is available at
>ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:13.sendmail.asc
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.2.2 (FreeBSD)
>
>iD8DBQFEIXZWFdaIBMps37IRAldYAJ9nd+wQMJlQObUuio5tBEFwD0ULwwCbB2eI
>u3JkyVwHx4WOgmZkg9QKang=
>=d3RW
>-----END PGP SIGNATURE-----
>_______________________________________________
>freebsd-security-notifications at freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-security-notifications
>To unsubscribe, send any mail to
>"freebsd-security-notifications-unsubscribe at freebsd.org"
More information about the freebsd-security
mailing list