Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


Re[2]: [security-alerts] Fwd: FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail



Dear Alexander Dilevsky,

It is written up on sendmail.org.

Sendmail 8.13.6 release notes

8.13.6/8.13.6 2006/03/22
SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
and client side of sendmail with timeouts in the libsm I/O
layer and fix problems in that code.  Also fix handling of
a buffer in sm_syslog() which could have been used as an
attack vector to exploit the unsafe handling of
setjmp(3)/longjmp(3) in combination with signals.
Problem detected by Mark Dowd of ISS X-Force.

I.e. the idea is clear: there is some buffer where shellcode can be placed,
and control can be transferred by exploiting short-lived conditions (the
thread finished before longjmp fired).

--Wednesday, March 22, 2006, 8:23:43 PM, you wrote to 3APA3A@xxxxxxxxxxxxxxxx:

AD> No luck. These patches are not on ftp.freebsd.org. The latest one there
AD> is 06:10 from March 1.
AD> And at
AD> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058 nothing
AD> intelligible is written.

AD> 3APA3A wrote:

>>
>>--This is a forwarded message
>>From: FreeBSD Security Advisories <security-advisories@xxxxxxxxxxx>
>>To: Bugtraq <bugtraq@xxxxxxxxxxxxxxxxx>
>>Date: Wednesday, March 22, 2006, 7:11:31 PM
>>Subject: FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail
>>
>>===8<==============Original message text===============

>> =============================================================================
>> FreeBSD-SA-06:13.sendmail                                   Security Advisory
>>                                                           The FreeBSD Project
>>
>> Topic:          Race condition in sendmail
>>
>> Category:       contrib
>> Module:         contrib_sendmail
>> Announced:      2006-03-22
>> Affects:        All FreeBSD releases.
>> Corrected:      2006-03-22 16:01:08 UTC (RELENG_6, 6.1-STABLE)
>>                 2006-03-22 16:01:38 UTC (RELENG_6_0, 6.0-RELEASE-p6)
>>                 2006-03-22 16:01:56 UTC (RELENG_5, 5.5-STABLE)
>>                 2006-03-22 16:02:17 UTC (RELENG_5_4, 5.4-RELEASE-p13)
>>                 2006-03-22 16:02:35 UTC (RELENG_5_3, 5.3-RELEASE-p28)
>>                 2006-03-22 16:02:49 UTC (RELENG_4, 4.11-STABLE)
>>                 2006-03-22 16:03:05 UTC (RELENG_4_11, 4.11-RELEASE-p16)
>>                 2006-03-22 16:03:25 UTC (RELENG_4_10, 4.10-RELEASE-p22)
>> CVE Name:       CVE-2006-0058
>>
>> For general information regarding FreeBSD Security Advisories,
>> including descriptions of the fields above, security branches, and the
>> following sections, please visit
>> <URL:http://www.freebsd.org/security/>.
>>
>> NOTE: The issue discussed in this advisory was reported to the FreeBSD
>> Security Team, and the patch which corrects it was supplied, by the
>> Sendmail Consortium via CERT.  Due to the limited information available
>> concerning the nature of the vulnerability, the FreeBSD Security Team
>> has not been able to evaluate the effectiveness of the fixes, nor the
>> possibility of other workarounds.
>>
>> I.   Background
>>
>> FreeBSD includes sendmail(8), a general purpose internetwork mail
>> routing facility, as the default Mail Transfer Agent (MTA).
>>
>> II.  Problem Description
>>
>> A race condition has been reported to exist in the handling by sendmail
>> of asynchronous signals.
>>
>> III. Impact
>>
>> A remote attacker may be able to execute arbitrary code with the
>> privileges of the user running sendmail, typically root.
>>
>> IV.  Workaround
>>
>> There is no known workaround other than disabling sendmail.
>>
>> V.   Solution
>>
>> Perform one of the following:
>>
>> 1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE,
>> or to the RELENG_6_0, RELENG_5_4, RELENG_5_3, RELENG_4_11, or
>> RELENG_4_10 security branch dated after the correction date.
>>
>> 2) To patch your present system:
>>
>> The following patches have been verified to apply to FreeBSD 4.10,
>> 4.11, 5.3, 5.4, and 6.0 systems.
>>
>> a) Download the relevant patch from the location below, and verify the
>> detached PGP signature using your PGP utility.
>>
>> [FreeBSD 4.10]
>> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail410.patch
>> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail410.patch.asc
>>
>> [FreeBSD 4.11 and FreeBSD 5.3]
>> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail411.patch
>> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail411.patch.asc
>>
>> [FreeBSD 5.4, and FreeBSD 6.x]
>> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail.patch
>> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail.patch.asc
>>
>>
>> VII. References
>>
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058
>>
>> The latest revision of this advisory is available at
>> ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:13.sendmail.asc


AD> ===8<===========End of original message text===========






-- 
~/ZARAZA
Alcoholism poses a particular problem.  (Lem)
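
Added example, not part of the original message and not sendmail's code: the 8.13.6 release note quoted above replaces setjmp(3)/longjmp(3) timeouts driven by signals with timeouts in the I/O layer. The C code below contrasts the two patterns for a single timed read; the function names and the READ_TIMED_OUT value are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <sys/select.h>
#include <unistd.h>

#define READ_TIMED_OUT (-2)   /* constructed return code for this example */

/* Unsafe pattern: the timeout is a non-local jump out of a signal handler. */
static sigjmp_buf timeout_env;
static void on_alarm(int sig) { (void)sig; siglongjmp(timeout_env, 1); }

ssize_t read_with_alarm(int fd, void *buf, size_t len, unsigned secs)
{
    struct sigaction sa;
    volatile ssize_t n;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_alarm;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGALRM, &sa, NULL);
    if (sigsetjmp(timeout_env, 1) != 0)
        return READ_TIMED_OUT;   /* entered from the handler, at any moment */
    alarm(secs);
    n = read(fd, buf, len);
    /* SIGALRM may still fire here, after read() has completed and before
     * alarm(0): the handler then jumps away and the data just read is lost. */
    alarm(0);
    return n;
}

/* Safer pattern: the I/O call itself carries the deadline. */
ssize_t read_with_deadline(int fd, void *buf, size_t len, unsigned secs)
{
    fd_set rfds;
    struct timeval tv;
    int ready;
    FD_ZERO(&rfds);
    FD_SET(fd, &rfds);
    tv.tv_sec = secs;
    tv.tv_usec = 0;
    ready = select(fd + 1, &rfds, NULL, NULL, &tv);
    if (ready == 0)
        return READ_TIMED_OUT;   /* plain return, no handler, no jump */
    if (ready < 0)
        return -1;               /* errno set by select() */
    return read(fd, buf, len);
}
```

In the second function the timeout is an ordinary return value, so no code is ever abandoned halfway through updating a shared buffer.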




 



