Your message dated Thu, 23 Mar 2006 16:19:13 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#358440: fixed in sendmail 8.13.6-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: sendmail
Version: 8.13.4-3
Severity: critical
Justification: root security hole


Please see the following advisories/reports:

  http://www.auscert.org.au/6148
  http://xforce.iss.net/xforce/alerts/id/216
  http://www.sendmail.org/8.13.6.html

Cheers,

Paul Szabo   [EMAIL PROTECTED]   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia


-- Package-specific info:
Ouput of /usr/share/bug/sendmail/script:

ls -alR /etc/mail:
/etc/mail:
total 272
drwxr-sr-x   7 smmta smmsp  4096 Dec  2 09:22 .
drwxr-xr-x  91 root  root   8192 Mar 20 22:47 ..
-rwxr-xr--   1 root  smmsp  9116 Dec  2 09:21 Makefile
-rw-------   1 root  root   4211 Dec  2 09:22 access
-rw-r-----   1 smmta smmsp 12288 Dec  2 09:22 access.db
-rw-r--r--   1 root  root    281 Jun  4  2005 address.resolve
lrwxrwxrwx   1 root  smmsp    10 Dec  2 09:22 aliases -> ../aliases
-rw-r-----   1 smmta smmsp 12288 Dec  2 09:22 aliases.db
-rw-r--r--   1 root  root   3058 Dec  2 09:21 databases
-rw-r--r--   1 root  root   5588 Jun  4  2005 helpfile
-rw-r--r--   1 root  smmsp    35 Dec  2 09:22 local-host-names
drwxr-sr-x   2 smmta smmsp  4096 Dec  2 09:21 m4
drwxr-xr-x   2 root  root   4096 Dec  2 09:21 peers
drwxr-xr-x   2 root  smmsp  4096 Jun  4  2005 sasl
-rw-r--r--   1 root  smmsp  8198 Dec  2 09:22 sendmail.cf
-rw-r--r--   1 root  smmsp   269 Dec  2 09:22 sendmail.cf.errors
-rw-r--r--   1 root  root  10032 May  6  2002 sendmail.conf
-rw-r--r--   1 root  smmsp    46 Dec  2 09:22 sendmail.mc
-rw-r--r--   1 root  root    149 Jun  4  2005 service.switch
-rw-r--r--   1 root  root    180 Jun  4  2005 service.switch-nodns
drwxr-sr-x   2 smmta smmsp  4096 Dec  2 09:21 smrsh
-rw-r--r--   1 root  smmsp  7794 Dec  2 09:22 submit.cf
-rw-r--r--   1 root  smmsp    59 Dec  2 09:22 submit.mc
drwxr-xr-x   2 smmta smmsp  4096 Dec  2 09:21 tls
-rw-r--r--   1 root  smmsp     0 Dec  2 09:22 trusted-users

/etc/mail/m4:
total 8
drwxr-sr-x  2 smmta smmsp 4096 Dec  2 09:21 .
drwxr-sr-x  7 smmta smmsp 4096 Dec  2 09:22 ..
-rw-r-----  1 root  smmsp    0 Dec  2 09:21 dialup.m4
-rw-r-----  1 root  smmsp    0 Dec  2 09:21 provider.m4

/etc/mail/peers:
total 12
drwxr-xr-x  2 root  root  4096 Dec  2 09:21 .
drwxr-sr-x  7 smmta smmsp 4096 Dec  2 09:22 ..
-rw-r--r--  1 root  root   328 Jun  4  2005 provider

/etc/mail/sasl:
total 8
drwxr-xr-x  2 root  smmsp 4096 Jun  4  2005 .
drwxr-sr-x  7 smmta smmsp 4096 Dec  2 09:22 ..

/etc/mail/smrsh:
total 8
drwxr-sr-x  2 smmta smmsp 4096 Dec  2 09:21 .
drwxr-sr-x  7 smmta smmsp 4096 Dec  2 09:22 ..
lrwxrwxrwx  1 root  smmsp   26 Dec  2 09:21 mail.local -> /usr/lib/sm.bin/mail.local
lrwxrwxrwx  1 root  smmsp   17 Dec  2 09:21 procmail -> /usr/bin/procmail
lrwxrwxrwx  1 root  smmsp   17 Dec  2 09:21 vacation -> /usr/bin/vacation

/etc/mail/tls:
total 44
drwxr-xr-x  2 smmta smmsp 4096 Dec  2 09:21 .
drwxr-sr-x  7 smmta smmsp 4096 Dec  2 09:22 ..
-rw-r--r--  1 root  root     7 Dec  2 09:21 no_prompt
-rw-------  1 root  root  1191 Dec  2 09:21 sendmail-client.cfg
-rw-r--r--  1 root  smmsp 1245 Dec  2 09:21 sendmail-client.crt
-rw-------  1 root  root  1025 Dec  2 09:21 sendmail-client.csr
-rw-r-----  1 root  smmsp 1679 Dec  2 09:21 sendmail-common.key
-rw-------  1 root  root     0 Dec  2 09:21 sendmail-common.prm
-rw-------  1 root  root  1191 Dec  2 09:21 sendmail-server.cfg
-rw-r--r--  1 root  smmsp 1245 Dec  2 09:21 sendmail-server.crt
-rw-------  1 root  root  1025 Dec  2 09:21 sendmail-server.csr
-rwxr--r--  1 root  root  3152 Dec  2 09:21 starttls.m4

sendmail.conf:
DAEMON_MODE="Daemon";
DAEMON_PARMS="";
DAEMON_HOSTSTATS="Yes";
DAEMON_MAILSTATS="No";
QUEUE_MODE="${DAEMON_MODE}";
QUEUE_INTERVAL="10";
QUEUE_PARMS="";
MSP_MODE="${QUEUE_MODE}";
MSP_INTERVAL="${QUEUE_INTERVAL}";
MSP_PARMS="${QUEUE_PARMS}";
MSP_MAILSTATS="No";
MISC_PARMS="";
CRON_MAILTO="root";
CRON_PARMS="";
AGE_DATA="";
DAEMON_STATS="${DAEMON_MAILSTATS}";
MSP_STATS="${MSP_MAILSTATS}";


sendmail.mc:
[trigger for usr/share/sendmail/sm_helper.sh]

submit.mc...
FEATURE(`msp [trigger for usr/share/sendmail/sm_helper.sh]


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-spm0.5
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages sendmail depends on:
ii  rmail                         8.13.4-3   MTA->UUCP remote mail handler
ii  sendmail-base                 8.13.4-3   powerful, efficient, and scalable 
ii  sendmail-bin                  8.13.4-3   powerful, efficient, and scalable 
ii  sendmail-cf                   8.13.4-3   powerful, efficient, and scalable 
ii  sensible-mda                  8.13.4-3   Mail Delivery Agent wrapper

Versions of packages sensible-mda depends on:
ii  libc6                       2.3.2.ds1-22 GNU C Library: Shared libraries an
ii  procmail                    3.22-11      Versatile e-mail processor
ii  sendmail-bin [mail-transpor 8.13.4-3     powerful, efficient, and scalable 

Versions of packages rmail depends on:
ii  libc6                       2.3.2.ds1-22 GNU C Library: Shared libraries an
ii  libldap2                    2.1.30-8     OpenLDAP libraries
ii  sendmail-bin [mail-transpor 8.13.4-3     powerful, efficient, and scalable 

-- no debconf information


--- End Message ---
--- Begin Message ---
Source: sendmail
Source-Version: 8.13.6-1

We believe that the bug you reported is fixed in the latest version of
sendmail, which is due to be installed in the Debian FTP archive:

libmilter-dev_8.13.6-1_i386.deb
  to pool/main/s/sendmail/libmilter-dev_8.13.6-1_i386.deb
libmilter0-dbg_8.13.6-1_i386.deb
  to pool/main/s/sendmail/libmilter0-dbg_8.13.6-1_i386.deb
libmilter0_8.13.6-1_i386.deb
  to pool/main/s/sendmail/libmilter0_8.13.6-1_i386.deb
rmail_8.13.6-1_i386.deb
  to pool/main/s/sendmail/rmail_8.13.6-1_i386.deb
sendmail-base_8.13.6-1_all.deb
  to pool/main/s/sendmail/sendmail-base_8.13.6-1_all.deb
sendmail-bin_8.13.6-1_i386.deb
  to pool/main/s/sendmail/sendmail-bin_8.13.6-1_i386.deb
sendmail-cf_8.13.6-1_all.deb
  to pool/main/s/sendmail/sendmail-cf_8.13.6-1_all.deb
sendmail-doc_8.13.6-1_all.deb
  to pool/main/s/sendmail/sendmail-doc_8.13.6-1_all.deb
sendmail_8.13.6-1.diff.gz
  to pool/main/s/sendmail/sendmail_8.13.6-1.diff.gz
sendmail_8.13.6-1.dsc
  to pool/main/s/sendmail/sendmail_8.13.6-1.dsc
sendmail_8.13.6-1_all.deb
  to pool/main/s/sendmail/sendmail_8.13.6-1_all.deb
sendmail_8.13.6.orig.tar.gz
  to pool/main/s/sendmail/sendmail_8.13.6.orig.tar.gz
sensible-mda_8.13.6-1_i386.deb
  to pool/main/s/sendmail/sensible-mda_8.13.6-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Richard A Nelson (Rick) <[EMAIL PROTECTED]> (supplier of updated sendmail package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----

Format: 1.7
Date: Wed, 22 Mar 2006 20:50:00 -0000
Source: sendmail
Binary: libmilter-dev rmail sendmail sendmail-doc libmilter0 sendmail-cf sensible-mda libmilter0-dbg sendmail-base sendmail-bin
Architecture: source all i386
Version: 8.13.6-1
Distribution: unstable
Urgency: high
Maintainer: Richard A Nelson (Rick) <[EMAIL PROTECTED]>
Changed-By: Richard A Nelson (Rick) <[EMAIL PROTECTED]>
Description: 
 libmilter-dev - Sendmail Mail Filter API (Milter)
 libmilter0 - Sendmail Mail Filter API (Milter)
 libmilter0-dbg - Sendmail Mail Filter API (Milter)
 rmail      - MTA->UUCP remote mail handler
 sendmail   - powerful, efficient, and scalable Mail Transport Agent
 sendmail-base - powerful, efficient, and scalable Mail Transport Agent
 sendmail-bin - powerful, efficient, and scalable Mail Transport Agent
 sendmail-cf - powerful, efficient, and scalable Mail Transport Agent
 sendmail-doc - powerful, efficient, and scalable Mail Transport Agent
 sensible-mda - Mail Delivery Agent wrapper
Closes: 358440
Changes: 
 sendmail (8.13.6-1) unstable; urgency=high
 .
    * Fix race condition, potentially allowing remote execution of arbitrary
      code [CVE-2006-0058]. Using upstream patch 8.13.5.p0 (Closes: #358440)
 .
    * Add libmilter0-dbg to help those building milter packages
Files: 
 34efdb67861ab448baa2a10caf9f791a 1023 mail extra sendmail_8.13.6-1.dsc
 b996d4d22478b5aa116b506cf7400560 1979683 mail extra sendmail_8.13.6.orig.tar.gz
 74a732ecb00e1cfaa1e0e11ff93b7099 368392 mail extra sendmail_8.13.6-1.diff.gz
 4df87f65dd5d68ed5305552464950755 823398 doc extra sendmail-doc_8.13.6-1_all.deb
 55f243a6fc1abe25dbade6f303811d6a 195934 mail extra sendmail_8.13.6-1_all.deb
 8e9d457855fea3d653a3d5bc24f03f61 345924 mail extra sendmail-base_8.13.6-1_all.deb
 ccbd2e1b4a66262fda4c33a2d52733fa 282990 mail extra sendmail-cf_8.13.6-1_all.deb
 3e46d63614d9e6bb023215967d8f8131 829494 mail extra sendmail-bin_8.13.6-1_i386.deb
 5d309120d3c24763d22e486e07f8b309 227184 mail extra rmail_8.13.6-1_i386.deb
 78d19d51371d339b30f4352ad513e097 201450 mail extra sensible-mda_8.13.6-1_i386.deb
 4f39d46066f6c05753ffcc2cb34c351a 252514 libs extra libmilter0_8.13.6-1_i386.deb
 ee4feab6ea12ffa0c9eb3f9a468e99b0 195490 libs extra libmilter0-dbg_8.13.6-1_i386.deb
 0ff744b8d06645596c5348514581cd12 292350 libdevel extra libmilter-dev_8.13.6-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

-----END PGP SIGNATURE-----


--- End Message ---