FreeBSD Security Advisory FreeBSD-SA-14:11.sendmail
Chris
chris at jeah.co
Tue Jun 3 20:03:58 UTC 2014
http://security.FreeBSD.org/patches/SA-14:11/sendmail.patch does not exist.
Chris
On 6/3/2014 2:34 PM, FreeBSD Security Advisories wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> =============================================================================
> FreeBSD-SA-14:11.sendmail Security Advisory
> The FreeBSD Project
>
> Topic: sendmail improper close-on-exec flag handling
>
> Category: contrib
> Module: sendmail
> Announced: 2014-06-03
> Affects: All supported versions of FreeBSD.
> Corrected: 2014-05-26 15:35:11 UTC (stable/10, 10.0-STABLE)
> 2014-06-03 19:02:52 UTC (releng/10.0, 10.0-RELEASE-p4)
> 2014-05-26 20:10:00 UTC (stable/9, 9.3-PRERELEASE)
> 2014-06-03 19:03:11 UTC (releng/9.2, 9.2-RELEASE-p7)
> 2014-06-03 19:03:11 UTC (releng/9.1, 9.1-RELEASE-p14)
> 2014-05-26 15:30:27 UTC (stable/8, 8.4-STABLE)
> 2014-06-03 19:03:23 UTC (releng/8.4, 8.4-RELEASE-p11)
>
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and the
> following sections, please visit <URL:http://security.FreeBSD.org/>.
>
> I. Background
>
> FreeBSD includes sendmail(8), a general purpose internetwork mail
> routing facility, as the default Mail Transfer Agent (MTA).
>
> FreeBSD uses file descriptor as an abstract indicator for accessing a file.
> Upon execve(2), file descriptors open in the calling process image remain
> open in the new process image, except for those for which the close-on-exec
> flag is set.
>
> II. Problem Description
>
> There is a programming error in sendmail(8) that prevented open file
> descriptors have close-on-exec properly set. Consequently a subprocess
> will be able to access all open files that the parent process have open.
>
> III. Impact
>
> A local user who can execute their own program for mail delivery will be
> able to interfere with an open SMTP connection.
>
> IV. Workaround
>
> Do not allow untrusted users to specify programs for mail delivery, for
> instance, procmail.
>
> Systems that do not use sendmail(8) MTA are not affected.
>
> V. Solution
>
> Perform one of the following:
>
> 1) Upgrade your vulnerable system to a supported FreeBSD stable or
> release / security branch (releng) dated after the correction date.
>
> 2) To update your vulnerable system via a source code patch:
>
> The following patches have been verified to apply to the applicable
> FreeBSD release branches.
>
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
>
> # fetch http://security.FreeBSD.org/patches/SA-14:11/sendmail.patch
> # fetch http://security.FreeBSD.org/patches/SA-14:11/sendmail.patch.asc
> # gpg --verify sendmail.patch.asc
>
> b) Apply the patch. Execute the following commands as root:
>
> # cd /usr/src
> # patch < /path/to/patch
>
> c) Recompile the operating system using buildworld and installworld as
> described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
>
> Restart the applicable daemons, or reboot the system.
>
> 3) To update your vulnerable system via a binary patch:
>
> Systems running a RELEASE version of FreeBSD on the i386 or amd64
> platforms can be updated via the freebsd-update(8) utility:
>
> # freebsd-update fetch
> # freebsd-update install
>
> VI. Correction details
>
> The following list contains the correction revision numbers for each
> affected branch.
>
> Branch/path Revision
> - -------------------------------------------------------------------------
> stable/8/ r266693
> releng/8.4/ r267019
> stable/9/ r266711
> releng/9.1/ r267018
> releng/9.2/ r267018
> stable/10/ r266692
> releng/10.0/ r267017
> - -------------------------------------------------------------------------
>
> To see which files were modified by a particular revision, run the
> following command, replacing NNNNNN with the revision number, on a
> machine with Subversion installed:
>
> # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
>
> Or visit the following URL, replacing NNNNNN with the revision number:
>
> <URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
>
> VII. References
>
> The latest revision of this advisory is available at
> <URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:11.sendmail.asc>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (FreeBSD)
>
> iQIcBAEBCgAGBQJTjiDaAAoJEO1n7NZdz2rnMxgP/0N9dTCKztkx92+Er1riKEns
> k0dfQswsTn2BwKzqIwiuzYcC9YFuBbU/ydfhIy3CGHJoZXd98sl0IZkWok7N7gYb
> N46aSyMypHh5RtoxtRm7aLhmKSBXiXhygwoeV8HW5fBhgZG544BQ+zs3wDWL/Y4J
> sfTEV4C254hm8+loCjtg+WIoFDtaYFWTWCUm1Yhxb1puN5scCNNgbvqvmhmrCLtb
> n/AoWUvqQi8B7tu2YafbG+BE8qaLC+tGpqC4mF3NxtNUX++4HMC6ZhbcOaa2PKrk
> kepReV/zdc3DaZ0e0KsiwFBiWMe9NW0RjHaZeDe3wzbX9fer2WjoOszLw7xLo/8s
> GPZwI+fPRysKGRXeW+0Bp3itbHYAFUhS5PttZQcGqzFKIRNLdVcAIMsj/+j32/LM
> vVw3e1NpsIhpxqIorxJEwuBxr4SWzCY26TbJVG+jWqEzhaRgjgpW+TZ2bhW3EDKm
> CNnngufJzh54/rEKolWxntyiw442JRpcPvumiUiH9WmRHipkCrMttQGA9TfjUy0u
> diQFs/nWNa9YeUkF1jB7eMFoJubg5d/7/gDFPbHMvgjP7kN75k1TmeyzrBVUuplH
> ek+XMzxkWYPStw1QHub94VpKhVm7fjvLrq2+2bfdQnM7bRbgwdA66jSwqVQ569Hr
> oOFXJjVfz279BMqszAsw
> =JUzV
> -----END PGP SIGNATURE-----
> _______________________________________________
> freebsd-security-notifications at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security-notifications
> To unsubscribe, send any mail to "freebsd-security-notifications-unsubscribe at freebsd.org"
More information about the freebsd-security
mailing list