search for: parseaddr

...ion details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch Revision Path - ------------------------------------------------------------------------- RELENG_4 src/contrib/sendmail/src/parseaddr.c 1.1.1.2.6.14 RELENG_5_1 src/UPDATING 1.251.2.6 src/contrib/sendmail/src/parseaddr.c 1.1.1.17.2.1 src/contrib/sendmail/src/version.c 1.1.1.19.2.1 src/sys/conf/newvers.sh...

...ion details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch Revision Path - ------------------------------------------------------------------------- RELENG_4 src/contrib/sendmail/src/parseaddr.c 1.1.1.2.6.14 RELENG_5_1 src/UPDATING 1.251.2.6 src/contrib/sendmail/src/parseaddr.c 1.1.1.17.2.1 src/contrib/sendmail/src/version.c 1.1.1.19.2.1 src/sys/conf/newvers.sh...

...; > There seems to be a remotely exploitable vulnerability in Sendmail up to > and including the latest version, 8.12.9. The problem lies in prescan() > function, but is not related to previous issues with this code. > > The primary attack vector is an indirect invocation via parseaddr(), > although other routes are possible. Heap or stack structures, depending > on the calling location, can be overwritten due to the ability to go > past end of the input buffer in strtok()-alike routines. > > This is an early release, thanks to my sheer stupidity. > >...

...src/deliver.c 1.1.1.3.2.14 src/contrib/sendmail/src/headers.c 1.4.2.10 src/contrib/sendmail/src/main.c 1.1.1.3.2.15 src/contrib/sendmail/src/milter.c 1.1.1.1.2.16 src/contrib/sendmail/src/parseaddr.c 1.1.1.2.6.13 src/contrib/sendmail/src/queue.c 1.1.1.3.2.14 src/contrib/sendmail/src/readcf.c 1.1.1.4.2.14 src/contrib/sendmail/src/sendmail.h 1.1.1.4.2.15 src/contrib/sendmail/src/sm_resolve.c...

...src/conf.c 1.5.2.20 src/contrib/sendmail/src/deliver.c 1.1.1.3.2.20 src/contrib/sendmail/src/headers.c 1.4.2.16 src/contrib/sendmail/src/mime.c 1.1.1.3.2.10 src/contrib/sendmail/src/parseaddr.c 1.1.1.2.6.20 src/contrib/sendmail/src/savemail.c 1.4.2.13 src/contrib/sendmail/src/sendmail.h 1.1.1.4.2.22 src/contrib/sendmail/src/sfsasl.c 1.1.1.1.2.16 src/contrib/sendmail/src/sfsasl.h...

You've probably already seen the latest sendmail vulnerability. http://lists.netsys.com/pipermail/full-disclosure/2003-September/010287.html I believe you can apply the following patch to any of the security branches: http://cvsweb.freebsd.org/src/contrib/sendmail/src/parseaddr.c.diff?r1=1.1.1.17&r2=1.1.1.18 Download the patch and: # cd /usr/src # patch -p1 < /path/to/patch # cd /usr/src/usr.sbin/sendmail # make obj && make depend && make && make install Official advisory will go out later today. Cheers, -- Jacques Vidrine ....

You've probably already seen the latest sendmail vulnerability. http://lists.netsys.com/pipermail/full-disclosure/2003-September/010287.html I believe you can apply the following patch to any of the security branches: http://cvsweb.freebsd.org/src/contrib/sendmail/src/parseaddr.c.diff?r1=1.1.1.17&r2=1.1.1.18 Download the patch and: # cd /usr/src # patch -p1 < /path/to/patch # cd /usr/src/usr.sbin/sendmail # make obj && make depend && make && make install Official advisory will go out later today. Cheers, -- Jacques Vidrine ....

...src/deliver.c 1.1.1.3.2.14 src/contrib/sendmail/src/headers.c 1.4.2.10 src/contrib/sendmail/src/main.c 1.1.1.3.2.15 src/contrib/sendmail/src/milter.c 1.1.1.1.2.16 src/contrib/sendmail/src/parseaddr.c 1.1.1.2.6.13 src/contrib/sendmail/src/queue.c 1.1.1.3.2.14 src/contrib/sendmail/src/readcf.c 1.1.1.4.2.14 src/contrib/sendmail/src/sendmail.h 1.1.1.4.2.15 src/contrib/sendmail/src/sm_resolve.c...

This is not strictly Dovecot question, but a more general IMAP one. I'm running a Dovecot server and have a user who is claiming that some email sent to him, say, on 30 May, showed up in his mailbox on 02 Jun. I've checked Postfix logs, and the message was correctly received on 30 May and passed to Dovecot. A similar issue happens every few days. This leaves me with two possibilities:

From bugtraq :-( >-----BEGIN PGP SIGNED MESSAGE----- > >Sendmail, Inc., and the Sendmail Consortium announce the availability >of sendmail 8.12.9. It contains a fix for a critical security >problem discovered by Michal Zalewski whom we thank for bringing >this problem to our attention. Sendmail urges all users to either >upgrade to sendmail 8.12.9 or apply a patch for