SA-06:13.sendmail

sobota, 23 września 2006 02:26

FreeBSD-SA-06:13.sendmail                                Security Advisory
                                                        The FreeBSD Project
  Temat:            Wyścig kondycji w sendmail’u
  Kategoria:        contrib
  Moduł:            contrib_sendmail
  Ogłoszono:        2006-03-22
  Podatne wersje:   Wszystkie wersje
  Poprawiono:       2006-03-22 16:01:08 UTC (RELENG_6, 6.1-STABLE)
                2006-03-22 16:01:38 UTC (RELENG_6_0, 6.0-RELEASE-p6)
                2006-03-22 16:01:56 UTC (RELENG_5, 5.5-STABLE)
             
2006-03-22 16:02:17 UTC (RELENG_5_4, 5.4-RELEASE-p13)
                2006-03-22 16:02:35 UTC (RELENG_5_3, 5.3-RELEASE-p28)
                2006-03-22 16:02:49 UTC (RELENG_4, 4.11-STABLE)
                2006-03-22 16:03:05 UTC (RELENG_4_11, 4.11-RELEASE-p16)
                2006-03-22 16:03:25 UTC (RELENG_4_10, 4.10-RELEASE-p22)
 
Nazwa CVE:    CVE-2006-0058 

W celu pogłębienia informacji dotyczącej Ogłoszeń Bezpieczeństwa FreeBSD, włączając opisy pól powyżej, gałęzi bezpieczeństwa oraz poniższych sekcji proszę odwiedzić:
[URL:http://www.freebsd.org/security/]

I.    Podstawy
sendmail(8) jest podstawowym serwerem rozsyłania poczty (MTA) w systemie freebsd.
II.    Opis problemu
Obecność wyścigu kondycji została wykryta w obsłudze asynchronicznych sygnałów sendmail'a.
III.    Wpływ
Zdalnie atakujący ma możliwość wykonania zdalnie kodu z przywilejami użytkownika

Osoba atakująca zdalnie na serwer poczty, ma możliwość wykonania dowolnego kodu z przywilejami użytkownika na którym działa obecnie sendmail.
IV.    Obejście
Brak, lub wyłączenie sendmail’a.
V.    Rozwiązanie
Wykonać jedno z poniższych:

1) Uaktualnić wadliwy system do 4-STABLE, 5-STABLE, 6-STABLE lub do RELENG_6_0, RELENG_5_4, RELENG_5_3, RELENG_4_11, RELENG_4_10 z danej gałęzi bezpieczeństwa wydanej po dacie poprawki.
2) Aby załatać obecny system:
Poniższe poprawki zostały sprawdzone w działaniu z FreeBSD 4.10, 4.11, 5.3, 5.4, 6.0.
a) Pobrać odpowiednią łatkę z lokalizacji podanych poniżej. Sprawdzić podpis PGP, narzędziem jakie posiadasz.

[FreeBSD 4.10]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail410.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail410.patch.asc

[FreeBSD 4.11 and FreeBSD 5.3]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail411.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail411.patch.asc

[FreeBSD 5.4, and FreeBSD 6.x]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail.patch.asc

b) Wykonać będąc zalogowanym jako root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/lib/libsm
# make obj && make depend && make
# cd /usr/src/lib/libsmutil
# make obj && make depend && make
# cd /usr/src/usr.sbin/sendmail
# make obj && make depend && make && make install

VI.
Szczegóły poprawki
Poniższa lista zawiera numery poszczególnych wersji plików które zostały poprawione.

Gałąź
     Ścieżka                      Przegląd
- -------------------------------------------------------------------------
RELENG_4
  src/contrib/sendmail/libsm/fflush.c                         1.1.1.1.2.1
  src/contrib/sendmail/libsm/local.h                          1.1.1.1.2.6
  src/contrib/sendmail/libsm/refill.c                         1.1.1.1.2.4
  src/contrib/sendmail/src/collect.c                         1.1.1.4.2.17
  src/contrib/sendmail/src/conf.c                                1.5.2.20
  src/contrib/sendmail/src/deliver.c                         1.1.1.3.2.20
  src/contrib/sendmail/src/headers.c                             1.4.2.16
  src/contrib/sendmail/src/mime.c                            1.1.1.3.2.10
  src/contrib/sendmail/src/parseaddr.c                       1.1.1.2.6.20
  src/contrib/sendmail/src/savemail.c                            1.4.2.13
  src/contrib/sendmail/src/sendmail.h                        1.1.1.4.2.22
  src/contrib/sendmail/src/sfsasl.c                          1.1.1.1.2.16
  src/contrib/sendmail/src/sfsasl.h                           1.1.1.1.2.3
  src/contrib/sendmail/src/srvrsmtp.c                        1.1.1.2.6.20
  src/contrib/sendmail/src/usersmtp.c                        1.1.1.3.2.17
  src/contrib/sendmail/src/util.c                            1.1.1.3.2.15
RELENG_4_11
  src/contrib/sendmail/libsm/fflush.c                    1.1.1.1.2.1.12.1
  src/contrib/sendmail/libsm/local.h                      1.1.1.1.2.5.2.1
  src/contrib/sendmail/libsm/refill.c                     1.1.1.1.2.3.2.1
  src/contrib/sendmail/src/collect.c                     1.1.1.4.2.14.2.1
  src/contrib/sendmail/src/conf.c                            1.5.2.17.2.1
  src/contrib/sendmail/src/deliver.c                     1.1.1.3.2.17.2.1
  src/contrib/sendmail/src/headers.c                         1.4.2.14.2.1
  src/contrib/sendmail/src/mime.c                         1.1.1.3.2.8.2.1
  src/contrib/sendmail/src/parseaddr.c                   1.1.1.2.6.17.2.1
  src/contrib/sendmail/src/savemail.c                        1.4.2.11.2.1
  src/contrib/sendmail/src/sendmail.h                    1.1.1.4.2.19.2.1
  src/contrib/sendmail/src/sfsasl.c                      1.1.1.1.2.14.2.1
  src/contrib/sendmail/src/sfsasl.h                      1.1.1.1.2.2.12.1
  src/contrib/sendmail/src/srvrsmtp.c                    1.1.1.2.6.17.2.1
  src/contrib/sendmail/src/usersmtp.c                    1.1.1.3.2.14.2.1
  src/contrib/sendmail/src/util.c                        1.1.1.3.2.13.2.1
  src/UPDATING                                             1.73.2.91.2.17
  src/sys/conf/newvers.sh                                  1.44.2.39.2.20
RELENG_4_10
  src/contrib/sendmail/libsm/fflush.c                    1.1.1.1.2.1.10.1
  src/contrib/sendmail/libsm/local.h                      1.1.1.1.2.4.2.1
  src/contrib/sendmail/libsm/refill.c                     1.1.1.1.2.2.6.1
  src/contrib/sendmail/src/collect.c                     1.1.1.4.2.13.2.1
  src/contrib/sendmail/src/conf.c                            1.5.2.16.2.1
  src/contrib/sendmail/src/deliver.c                     1.1.1.3.2.16.2.1
  src/contrib/sendmail/src/headers.c                         1.4.2.13.2.1
  src/contrib/sendmail/src/mime.c                         1.1.1.3.2.7.2.1
  src/contrib/sendmail/src/parseaddr.c                   1.1.1.2.6.16.2.1
  src/contrib/sendmail/src/savemail.c                        1.4.2.10.6.1
  src/contrib/sendmail/src/sendmail.h                    1.1.1.4.2.18.2.1
  src/contrib/sendmail/src/sfsasl.c                      1.1.1.1.2.13.2.1
  src/contrib/sendmail/src/sfsasl.h                      1.1.1.1.2.2.10.1
  src/contrib/sendmail/src/srvrsmtp.c                    1.1.1.2.6.16.2.1
  src/contrib/sendmail/src/usersmtp.c                    1.1.1.3.2.13.2.1
  src/contrib/sendmail/src/util.c                        1.1.1.3.2.12.2.1
  src/UPDATING                                             1.73.2.90.2.23
  src/sys/conf/newvers.sh                                  1.33.2.34.2.24
RELENG_5
  src/contrib/sendmail/libsm/fflush.c                         1.1.1.3.8.1
  src/contrib/sendmail/libsm/local.h                          1.1.1.7.2.1
  src/contrib/sendmail/libsm/refill.c                         1.1.1.5.2.1
  src/contrib/sendmail/src/collect.c                         1.1.1.19.2.3
  src/contrib/sendmail/src/conf.c                                1.26.2.3
  src/contrib/sendmail/src/deliver.c                         1.1.1.21.2.3
  src/contrib/sendmail/src/headers.c                             1.20.2.2
  src/contrib/sendmail/src/mime.c                            1.1.1.12.2.2
  src/contrib/sendmail/src/parseaddr.c                       1.1.1.20.2.3
  src/contrib/sendmail/src/savemail.c                            1.16.2.2
  src/contrib/sendmail/src/sendmail.h                        1.1.1.23.2.3
  src/contrib/sendmail/src/sfsasl.c                          1.1.1.14.2.2
  src/contrib/sendmail/src/sfsasl.h                           1.1.1.4.8.1
  src/contrib/sendmail/src/srvrsmtp.c                        1.1.1.20.2.3
  src/contrib/sendmail/src/usersmtp.c                        1.1.1.18.2.3
  src/contrib/sendmail/src/util.c                            1.1.1.17.2.2
RELENG_5_4
  src/contrib/sendmail/libsm/fflush.c                        1.1.1.3.12.1
  src/contrib/sendmail/libsm/local.h                          1.1.1.7.6.1
  src/contrib/sendmail/libsm/refill.c                         1.1.1.5.6.1
  src/contrib/sendmail/src/collect.c                     1.1.1.19.2.1.2.1
  src/contrib/sendmail/src/conf.c                            1.26.2.1.2.1
  src/contrib/sendmail/src/deliver.c                     1.1.1.21.2.1.2.1
  src/contrib/sendmail/src/headers.c                         1.20.2.1.2.1
  src/contrib/sendmail/src/mime.c                        1.1.1.12.2.1.2.1
  src/contrib/sendmail/src/parseaddr.c                   1.1.1.20.2.1.2.1
  src/contrib/sendmail/src/savemail.c                        1.16.2.1.2.1
  src/contrib/sendmail/src/sendmail.h                    1.1.1.23.2.1.2.1
  src/contrib/sendmail/src/sfsasl.c                      1.1.1.14.2.1.2.1
  src/contrib/sendmail/src/sfsasl.h                          1.1.1.4.12.1
  src/contrib/sendmail/src/srvrsmtp.c                    1.1.1.20.2.1.2.1
  src/contrib/sendmail/src/usersmtp.c                    1.1.1.18.2.1.2.1
  src/contrib/sendmail/src/util.c                        1.1.1.17.2.1.2.1
  src/UPDATING                                            1.342.2.24.2.22
  src/sys/conf/newvers.sh                                  1.62.2.18.2.18
RELENG_5_3
  src/contrib/sendmail/libsm/fflush.c                        1.1.1.3.10.1
  src/contrib/sendmail/libsm/local.h                          1.1.1.7.4.1
  src/contrib/sendmail/libsm/refill.c                         1.1.1.5.4.1
  src/contrib/sendmail/src/collect.c                         1.1.1.19.4.1
  src/contrib/sendmail/src/conf.c                                1.26.4.1
  src/contrib/sendmail/src/deliver.c                         1.1.1.21.4.1
  src/contrib/sendmail/src/headers.c                             1.20.4.1
  src/contrib/sendmail/src/mime.c                            1.1.1.12.4.1
  src/contrib/sendmail/src/parseaddr.c                       1.1.1.20.4.1
  src/contrib/sendmail/src/savemail.c                            1.16.4.1
  src/contrib/sendmail/src/sendmail.h                        1.1.1.23.4.1
  src/contrib/sendmail/src/sfsasl.c                          1.1.1.14.4.1
  src/contrib/sendmail/src/sfsasl.h                          1.1.1.4.10.1
  src/contrib/sendmail/src/srvrsmtp.c                        1.1.1.20.4.1
  src/contrib/sendmail/src/usersmtp.c                        1.1.1.18.4.1
  src/contrib/sendmail/src/util.c                            1.1.1.17.4.1
  src/UPDATING                                            1.342.2.13.2.31
  src/sys/conf/newvers.sh                                  1.62.2.15.2.33
RELENG_6
  src/contrib/sendmail/libsm/fflush.c                        1.1.1.3.14.1
  src/contrib/sendmail/libsm/local.h                          1.1.1.7.8.1
  src/contrib/sendmail/libsm/refill.c                         1.1.1.5.8.1
  src/contrib/sendmail/src/collect.c                         1.1.1.21.2.1
  src/contrib/sendmail/src/conf.c                                1.28.2.1
  src/contrib/sendmail/src/deliver.c                         1.1.1.23.2.1
  src/contrib/sendmail/src/headers.c                             1.21.2.1
  src/contrib/sendmail/src/mime.c                            1.1.1.13.2.1
  src/contrib/sendmail/src/parseaddr.c                       1.1.1.22.2.1
  src/contrib/sendmail/src/savemail.c                            1.17.2.1
  src/contrib/sendmail/src/sendmail.h                        1.1.1.26.2.1
  src/contrib/sendmail/src/sfsasl.c                          1.1.1.15.2.1
  src/contrib/sendmail/src/sfsasl.h                          1.1.1.4.14.1
  src/contrib/sendmail/src/srvrsmtp.c                        1.1.1.22.2.1
  src/contrib/sendmail/src/usersmtp.c                        1.1.1.21.2.1
  src/contrib/sendmail/src/util.c                            1.1.1.18.2.1
RELENG_6_0
  src/contrib/sendmail/libsm/fflush.c                        1.1.1.3.16.1
  src/contrib/sendmail/libsm/local.h                         1.1.1.7.10.1
  src/contrib/sendmail/libsm/refill.c                        1.1.1.5.10.1
  src/contrib/sendmail/src/collect.c                         1.1.1.21.4.1
  src/contrib/sendmail/src/conf.c                                1.28.4.1
  src/contrib/sendmail/src/deliver.c                         1.1.1.23.4.1
  src/contrib/sendmail/src/headers.c                             1.21.4.1
  src/contrib/sendmail/src/mime.c                            1.1.1.13.4.1
  src/contrib/sendmail/src/parseaddr.c                       1.1.1.22.4.1
  src/contrib/sendmail/src/savemail.c                            1.17.4.1
  src/contrib/sendmail/src/sendmail.h                        1.1.1.26.4.1
  src/contrib/sendmail/src/sfsasl.c                          1.1.1.15.4.1
  src/contrib/sendmail/src/sfsasl.h                          1.1.1.4.16.1
  src/contrib/sendmail/src/srvrsmtp.c                        1.1.1.22.4.1
  src/contrib/sendmail/src/usersmtp.c                        1.1.1.21.4.1
  src/contrib/sendmail/src/util.c                            1.1.1.18.4.1
  src/UPDATING                                             1.416.2.3.2.11
  src/sys/conf/newvers.sh                                    1.69.2.8.2.7
- -------------------------------------------------------------------------

VII. Odnośniki
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058

Najnowsza wersja jest dostępna pod adresem:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06 :13.sendmail.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)

iD8DBQFEIXZWFdaIBMps37IRAldYAJ9nd+wQMJlQObUuio5tBEFwD0ULwwCbB2eI
u3JkyVwHx4WOgmZkg9QKang=
=d3RW
-----END PGP SIGNATURE-----