Parece que freebsd n�o � muito vulner�vel, mas em linux j� tem at� exploit. ----- Original Message ----- From: "FreeBSD Security Advisories" <[EMAIL PROTECTED]> To: "Bugtraq" <[EMAIL PROTECTED]> Sent: Monday, March 03, 2003 2:11 PM Subject: FreeBSD Security Advisory FreeBSD-SA-03:04.sendmail
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > ============================================================================ = > FreeBSD-SA-03:04.sendmail Security Advisory > The FreeBSD Project > > Topic: sendmail header parsing buffer overflow > > Category: contrib > Module: contrib_sendmail > Announced: 2003-03-03 > Credits: Mark Dowd (ISS) > Affects: All releases prior to 4.8-RELEASE and 5.0-RELEASE-p4 > FreeBSD 4-STABLE prior to the correction date > Corrected: 2003-03-03 > FreeBSD only: NO > > I. Background > > FreeBSD includes sendmail(8), a general purpose internetwork mail > routing facility, as the default Mail Transfer Agent (MTA). > > II. Problem Description > > ISS has identified a buffer overflow that may occur during header > parsing in all versions of sendmail after version 5.79. > > In addition, Sendmail, Inc. has identified and corrected a defect in > buffer handling within sendmail's RFC 1413 ident protocol support. > > III. Impact > > A remote attacker could create a specially crafted message that may > cause sendmail to execute arbitrary code with the privileges of the > user running sendmail, typically root. The malicious message might be > handled (and therefore the vulnerability triggered) by the initial > sendmail MTA, any relaying sendmail MTA, or by the delivering sendmail > process. Exploiting this defect is particularly difficult, but is > believed to be possible. > > The defect in the ident routines is not believed to be exploitable. > > IV. Workaround > > There is no workaround, other than disabling sendmail. > > V. Solution > > Do one of the following: > > 1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_5_0, > RELENG_4_7, or RELENG_4_6 security branch dated after the correction > date (5.0-RELEASE-p4, 4.7-RELEASE-p7, or 4.6.2-RELEASE-p10, > respectively). > > [NOTE: At the time of this writing, the FreeBSD 4-STABLE branch is > labeled `4.8-RC1'.] > > 2) To patch your present system: > > The following patch has been verified to apply to FreeBSD 5.0, 4.7, > and 4.6 systems. > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. > > ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail.patch > ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail.patch.asc > > b) Execute the following commands as root: > > # cd /usr/src > # patch < /path/to/patch > # cd /usr/src/lib/libsm > # make obj && make depend && make > # cd /usr/src/lib/libsmutil > # make obj && make depend && make > # cd /usr/src/usr.sbin/sendmail > # make obj && make depend && make && make install > > 3) For i386 systems only, a patched sendmail binary is available. > Select the correct binary based on your FreeBSD version and whether or > not you want STARTTLS support. If you want STARTTLS support, you must > have the crypto distribution installed. > > a) Download the relevant binary from the location below, and verify > the detached PGP signature using your PGP utility. > > ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.6-i386-cr ypto.bin.gz > ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.6-i386-cr ypto.bin.gz.asc > > ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.6-i386-no crypto.bin.gz > ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.6-i386-no crypto.bin.gz.asc > > ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.7-i386-cr ypto.bin.gz > ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.7-i386-cr ypto.bin.gz.asc > > ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.7-i386-no crypto.bin.gz > ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.7-i386-no crypto.bin.gz.asc > > ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-5.0-i386-cr ypto.bin.gz > ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-5.0-i386-cr ypto.bin.gz.asc > > ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-5.0-i386-no crypto.bin.gz > ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-5.0-i386-no crypto.bin.gz.asc > > b) Install the binary. Execute the following commands as root. > Note that these examples utilizes the FreeBSD 4.7 crypto binary. > Substitute BINARYGZ with the file name which you downloaded in > step (a). > > # BINARYGZ=/path/to/sendmail-4.7-i386-crypto.bin.gz > # gunzip ${BINARYGZ} > # install -s -o root -g smmsp -m 2555 ${BINARYGZ%.gz} /usr/libexec/sendmail/sendmail > > c) Restart sendmail. Execute the following command as root. > > # /bin/sh /etc/rc.sendmail restart > > VI. Correction details > > The following list contains the revision numbers of each file that was > corrected in FreeBSD. > > Path Revision > Branch > - ------------------------------------------------------------------------ - > src/contrib/src/sendmail.h > src/contrib/sendmail/src/daemon.c > src/contrib/sendmail/src/headers.c > src/contrib/sendmail/src/main.c > src/contrib/sendmail/src/parseaddr.c > - ------------------------------------------------------------------------ - > > VII. References > > <URL: http://www.kb.cert.org/vuls/id/398025 > > <URL: http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950 > > <URL: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1337 > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.1 (FreeBSD) > > iD8DBQE+Y4sVFdaIBMps37IRAudhAJ9eOnD1h6UOANKPpD4OW7lTk3tjnwCfV4sW > 1KK2fkVaPFNIDC7VEPh+Aew= > =lWwz > -----END PGP SIGNATURE----- _______________________________________________________________ Sair da Lista: http://www2.fugspbr.org/mailman/listinfo/fugspbr Historico: http://www4.fugspbr.org/lista/html/FUG-BR/
