Sendmail vulnerability
Jacques A. Vidrine
nectar at FreeBSD.org
Wed Sep 17 10:36:48 PDT 2003
On Wed, Sep 17, 2003 at 07:20:24PM +0200, Marco Trentini wrote:
> >-------- Original Message --------
> >Subject: Sendmail vulnerability
> >Date: Wed, 17 Sep 2003 11:21:18 -0500
> >From: Jacques A. Vidrine <nectar at freebsd.org>
> >To: freebsd-security at freebsd.org
> >
> >You've probably already seen the latest sendmail vulnerability.
> >
> >http://lists.netsys.com/pipermail/full-disclosure/2003-September/010287.html
> >
> >
> >I believe you can apply the following patch to any of the security
> >branches:
> >
> >http://cvsweb.freebsd.org/src/contrib/sendmail/src/parseaddr.c.diff?r1=1.1.1.17&r2=1.1.1.18
> >
> >
> >Download the patch and:
> >
> > # cd /usr/src
> > # patch -p1 < /path/to/patch
> > # cd /usr/src/usr.sbin/sendmail
> > # make obj && make depend && make && make install
> >
> >
> >Official advisory will go out later today.
>
> I've tried to make that but I get this error (on a stable with today
> sources):
Sorry, I left out some steps that are in the draft advisory and are
important if you don't already have a populated /usr/obj from a
previous buildworld.
# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/lib/libsm
# make obj && make depend && make
# cd /usr/src/lib/libsmutil
# make obj && make depend && make
# cd /usr/src/usr.sbin/sendmail
# make obj && make depend && make && make install
Cheers,
--
Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal
nectar at celabo.org . jvidrine at verio.net . nectar at freebsd.org . nectar at kth.se
More information about the freebsd-security
mailing list