Sendmail vulnerability

Andrew McNaughton andrew at scoop.co.nz
Wed Sep 17 21:17:10 PDT 2003


I've been using sendmail from ports for some time.  I just upgraded to
sendmail 8.12.10 by changing the version number in the makefile, then
doing `make makesum build deinstall reinstall`.

Everything built cleanly, started up ok, accepted a delivery and generally
looks oK so far
an
outgoiand looks ok so far.

Andrew


On Wed, 17 Sep 2003, Mike Tancsa wrote:

> Date: Wed, 17 Sep 2003 13:46:14 -0400
> From: Mike Tancsa <mike at sentex.net>
> To: Jacques A. Vidrine <nectar at freebsd.org>, freebsd-security at freebsd.org
> Cc: gshapiro at freebsd.org
> Subject: Re: Sendmail vulnerability
>
>
> Looks like they have released http://www.sendmail.org/8.12.10.html
>
> Are their plans to import/mfc this into stable ?  No doubt a busy day for
> the Sendmail folk as well :-(
>
>          ---Mike
>
> At 12:21 PM 17/09/2003, Jacques A. Vidrine wrote:
> >You've probably already seen the latest sendmail vulnerability.
> >
> >http://lists.netsys.com/pipermail/full-disclosure/2003-September/010287.html
> >
> >I believe you can apply the following patch to any of the security
> >branches:
> >
> >http://cvsweb.freebsd.org/src/contrib/sendmail/src/parseaddr.c.diff?r1=1.1.1.17&r2=1.1.1.18
> >
> >Download the patch and:
> >
> >   # cd /usr/src
> >   # patch -p1 < /path/to/patch
> >   # cd /usr/src/usr.sbin/sendmail
> >   # make obj && make depend && make && make install
> >
> >
> >Official advisory will go out later today.
> >
> >Cheers,
> >--
> >Jacques Vidrine   . NTT/Verio SME      . FreeBSD UNIX       . Heimdal
> >nectar at celabo.org . jvidrine at verio.net . nectar at freebsd.org . nectar at kth.se
> >_______________________________________________
> >freebsd-security at freebsd.org mailing list
> >http://lists.freebsd.org/mailman/listinfo/freebsd-security
> >To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
>
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
>

--

No added Sugar.  Not tested on animals.  May contain traces of Nuts.  If
irritation occurs, discontinue use.

-------------------------------------------------------------------
Andrew McNaughton           Currently in Boomer Bay, Tasmania
andrew at scoop.co.nz
Mobile: +61 422 753 792     http://staff.scoop.co.nz/andrew/cv.doc





More information about the freebsd-security mailing list