Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


Re: [security-alerts] Fwd: FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail



Bummer. These patches aren't on ftp.freebsd.org. The latest one there is
06:10, from March 1.
And http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058 doesn't say
anything clear either.

3APA3A wrote:

>
>--This is a forwarded message
>From: FreeBSD Security Advisories <security-advisories@xxxxxxxxxxx>
>To: Bugtraq <bugtraq@xxxxxxxxxxxxxxxxx>
>Date: Wednesday, March 22, 2006, 7:11:31 PM
>Subject: FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail
>
>===8<==============Original message text===============

> =============================================================================
> FreeBSD-SA-06:13.sendmail                                   Security Advisory
>                                                           The FreeBSD Project
>
> Topic:          Race condition in sendmail
>
> Category:       contrib
> Module:         contrib_sendmail
> Announced:      2006-03-22
> Affects:        All FreeBSD releases.
> Corrected:      2006-03-22 16:01:08 UTC (RELENG_6, 6.1-STABLE)
>                 2006-03-22 16:01:38 UTC (RELENG_6_0, 6.0-RELEASE-p6)
>                 2006-03-22 16:01:56 UTC (RELENG_5, 5.5-STABLE)
>                 2006-03-22 16:02:17 UTC (RELENG_5_4, 5.4-RELEASE-p13)
>                 2006-03-22 16:02:35 UTC (RELENG_5_3, 5.3-RELEASE-p28)
>                 2006-03-22 16:02:49 UTC (RELENG_4, 4.11-STABLE)
>                 2006-03-22 16:03:05 UTC (RELENG_4_11, 4.11-RELEASE-p16)
>                 2006-03-22 16:03:25 UTC (RELENG_4_10, 4.10-RELEASE-p22)
> CVE Name:       CVE-2006-0058
>
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and the
> following sections, please visit
> <URL:http://www.freebsd.org/security/>.
>
> NOTE: The issue discussed in this advisory was reported to the FreeBSD
> Security Team, and the patch which corrects it was supplied, by the
> Sendmail Consortium via CERT.  Due to the limited information available
> concerning the nature of the vulnerability, the FreeBSD Security Team
> has not been able to evaluate the effectiveness of the fixes, nor the
> possibility of other workarounds.
>
> I.   Background
>
> FreeBSD includes sendmail(8), a general purpose internetwork mail
> routing facility, as the default Mail Transfer Agent (MTA).
>
> II.  Problem Description
>
> A race condition has been reported to exist in the handling by sendmail
> of asynchronous signals.
>
> III. Impact
>
> A remote attacker may be able to execute arbitrary code with the
> privileges of the user running sendmail, typically root.
>
> IV.  Workaround
>
> There is no known workaround other than disabling sendmail.
>
> V.   Solution
>
> Perform one of the following:
>
> 1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE,
> or to the RELENG_6_0, RELENG_5_4, RELENG_5_3, RELENG_4_11, or
> RELENG_4_10 security branch dated after the correction date.
>
> 2) To patch your present system:
>
> The following patches have been verified to apply to FreeBSD 4.10,
> 4.11, 5.3, 5.4, and 6.0 systems.
>
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
>
> [FreeBSD 4.10]
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail410.patch
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail410.patch.asc
>
> [FreeBSD 4.11 and FreeBSD 5.3]
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail411.patch
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail411.patch.asc
>
> [FreeBSD 5.4, and FreeBSD 6.x]
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail.patch
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail.patch.asc
>
>
> VII. References
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058
>
> The latest revision of this advisory is available at
> ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:13.sendmail.asc


===8<===========End of original message text===========




-- 
--
 Alexander Dilevsky
 mailto:dil@xxxxxx
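
Added example, not part of the original message or of the FreeBSD advisory: a small sh script for step 2a of the quoted advisory that picks the patch file listed for a release, fetches it with its detached signature, and keeps it only if both downloads and the PGP check succeed. The function names, the `uname -r` style release strings, and the presence of the FreeBSD Security Officer key in the local GnuPG keyring are assumptions; the URLs and file names are those in the advisory.

```shell
#!/bin/sh
# Added example (not from the advisory). Base URL is the one quoted in SA-06:13.
BASE="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13"

# Map a release string (assumed `uname -r` form, e.g. 5.4-RELEASE-p12)
# to the patch file the advisory lists for it; fail if none is listed.
patch_for_release() {
    case "$1" in
        4.10*)      echo sendmail410.patch ;;
        4.11*|5.3*) echo sendmail411.patch ;;
        5.4*|6.*)   echo sendmail.patch ;;
        *)          return 1 ;;
    esac
}

# Fetch the patch and its .asc, verify, and print the patch path on success.
# Return codes: 2 no patch listed, 3 no temp dir, 4 download failed,
# 5 signature bad or not checkable.
fetch_and_verify() {
    patch=$(patch_for_release "$1") || {
        echo "no SA-06:13 patch listed for release '$1'" >&2; return 2; }
    dir=$(mktemp -d) || return 3
    # Both files must arrive; the reply above reports they were not yet
    # on the FTP server, so a failed fetch is an expected case.
    for f in "$patch" "$patch.asc"; do
        fetch -o "$dir/$f" "$BASE/$f" || {
            echo "fetch failed for $f" >&2
            rm -rf "$dir"; return 4; }
    done
    # gpg exits non-zero on a bad signature and also when the signing key
    # is missing. Assumption: the FreeBSD Security Officer key was imported
    # and its fingerprint checked out of band beforehand.
    gpg --verify "$dir/$patch.asc" "$dir/$patch" || {
        echo "signature check failed; patch discarded" >&2
        rm -rf "$dir"; return 5; }
    echo "$dir/$patch"
}

# Usage on the affected host (as root): fetch_and_verify "$(uname -r)"
```

A "Good signature" from a key that was never checked out of band proves little, so confirm the key fingerprint through a separate channel before relying on the result.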



 



