Package: sendmail; Maintainer for sendmail is Debian QA Group <packages@qa.debian.org>; Source for sendmail is src:sendmail (PTS, buildd, popcon).
Reported by: Paul Szabo <psz@maths.usyd.edu.au>
Date: Wed, 22 Mar 2006 19:33:04 UTC
Severity: critical
Tags: security
Found in version sendmail/8.13.4-3
Fixed in version sendmail/8.13.6-1
Done: Richard A Nelson (Rick) <cowboy@debian.org>
Bug is archived. No further changes may be made.
View this report as an mbox folder, status mbox, maintainer mbox
Report forwarded to debian-bugs-dist@lists.debian.org, Richard A Nelson (Rick) <cowboy@debian.org>
:
Bug#358440
; Package sendmail
.
(full text, mbox, link).
Acknowledgement sent to Paul Szabo <psz@maths.usyd.edu.au>
:
New Bug report received and forwarded. Copy sent to Richard A Nelson (Rick) <cowboy@debian.org>
.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: sendmail Version: 8.13.4-3 Severity: critical Justification: root security hole Please see the following advisories/reports: http://www.auscert.org.au/6148 http://xforce.iss.net/xforce/alerts/id/216 http://www.sendmail.org/8.13.6.html Cheers, Paul Szabo psz@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia -- Package-specific info: Ouput of /usr/share/bug/sendmail/script: ls -alR /etc/mail: /etc/mail: total 272 drwxr-sr-x 7 smmta smmsp 4096 Dec 2 09:22 . drwxr-xr-x 91 root root 8192 Mar 20 22:47 .. -rwxr-xr-- 1 root smmsp 9116 Dec 2 09:21 Makefile -rw------- 1 root root 4211 Dec 2 09:22 access -rw-r----- 1 smmta smmsp 12288 Dec 2 09:22 access.db -rw-r--r-- 1 root root 281 Jun 4 2005 address.resolve lrwxrwxrwx 1 root smmsp 10 Dec 2 09:22 aliases -> ../aliases -rw-r----- 1 smmta smmsp 12288 Dec 2 09:22 aliases.db -rw-r--r-- 1 root root 3058 Dec 2 09:21 databases -rw-r--r-- 1 root root 5588 Jun 4 2005 helpfile -rw-r--r-- 1 root smmsp 35 Dec 2 09:22 local-host-names drwxr-sr-x 2 smmta smmsp 4096 Dec 2 09:21 m4 drwxr-xr-x 2 root root 4096 Dec 2 09:21 peers drwxr-xr-x 2 root smmsp 4096 Jun 4 2005 sasl -rw-r--r-- 1 root smmsp 8198 Dec 2 09:22 sendmail.cf -rw-r--r-- 1 root smmsp 269 Dec 2 09:22 sendmail.cf.errors -rw-r--r-- 1 root root 10032 May 6 2002 sendmail.conf -rw-r--r-- 1 root smmsp 46 Dec 2 09:22 sendmail.mc -rw-r--r-- 1 root root 149 Jun 4 2005 service.switch -rw-r--r-- 1 root root 180 Jun 4 2005 service.switch-nodns drwxr-sr-x 2 smmta smmsp 4096 Dec 2 09:21 smrsh -rw-r--r-- 1 root smmsp 7794 Dec 2 09:22 submit.cf -rw-r--r-- 1 root smmsp 59 Dec 2 09:22 submit.mc drwxr-xr-x 2 smmta smmsp 4096 Dec 2 09:21 tls -rw-r--r-- 1 root smmsp 0 Dec 2 09:22 trusted-users /etc/mail/m4: total 8 drwxr-sr-x 2 smmta smmsp 4096 Dec 2 09:21 . drwxr-sr-x 7 smmta smmsp 4096 Dec 2 09:22 .. -rw-r----- 1 root smmsp 0 Dec 2 09:21 dialup.m4 -rw-r----- 1 root smmsp 0 Dec 2 09:21 provider.m4 /etc/mail/peers: total 12 drwxr-xr-x 2 root root 4096 Dec 2 09:21 . drwxr-sr-x 7 smmta smmsp 4096 Dec 2 09:22 .. -rw-r--r-- 1 root root 328 Jun 4 2005 provider /etc/mail/sasl: total 8 drwxr-xr-x 2 root smmsp 4096 Jun 4 2005 . drwxr-sr-x 7 smmta smmsp 4096 Dec 2 09:22 .. /etc/mail/smrsh: total 8 drwxr-sr-x 2 smmta smmsp 4096 Dec 2 09:21 . drwxr-sr-x 7 smmta smmsp 4096 Dec 2 09:22 .. lrwxrwxrwx 1 root smmsp 26 Dec 2 09:21 mail.local -> /usr/lib/sm.bin/mail.local lrwxrwxrwx 1 root smmsp 17 Dec 2 09:21 procmail -> /usr/bin/procmail lrwxrwxrwx 1 root smmsp 17 Dec 2 09:21 vacation -> /usr/bin/vacation /etc/mail/tls: total 44 drwxr-xr-x 2 smmta smmsp 4096 Dec 2 09:21 . drwxr-sr-x 7 smmta smmsp 4096 Dec 2 09:22 .. -rw-r--r-- 1 root root 7 Dec 2 09:21 no_prompt -rw------- 1 root root 1191 Dec 2 09:21 sendmail-client.cfg -rw-r--r-- 1 root smmsp 1245 Dec 2 09:21 sendmail-client.crt -rw------- 1 root root 1025 Dec 2 09:21 sendmail-client.csr -rw-r----- 1 root smmsp 1679 Dec 2 09:21 sendmail-common.key -rw------- 1 root root 0 Dec 2 09:21 sendmail-common.prm -rw------- 1 root root 1191 Dec 2 09:21 sendmail-server.cfg -rw-r--r-- 1 root smmsp 1245 Dec 2 09:21 sendmail-server.crt -rw------- 1 root root 1025 Dec 2 09:21 sendmail-server.csr -rwxr--r-- 1 root root 3152 Dec 2 09:21 starttls.m4 sendmail.conf: DAEMON_MODE="Daemon"; DAEMON_PARMS=""; DAEMON_HOSTSTATS="Yes"; DAEMON_MAILSTATS="No"; QUEUE_MODE="${DAEMON_MODE}"; QUEUE_INTERVAL="10"; QUEUE_PARMS=""; MSP_MODE="${QUEUE_MODE}"; MSP_INTERVAL="${QUEUE_INTERVAL}"; MSP_PARMS="${QUEUE_PARMS}"; MSP_MAILSTATS="No"; MISC_PARMS=""; CRON_MAILTO="root"; CRON_PARMS=""; AGE_DATA=""; DAEMON_STATS="${DAEMON_MAILSTATS}"; MSP_STATS="${MSP_MAILSTATS}"; sendmail.mc: [trigger for usr/share/sendmail/sm_helper.sh] submit.mc... FEATURE(`msp [trigger for usr/share/sendmail/sm_helper.sh] -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.8-spm0.5 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages sendmail depends on: ii rmail 8.13.4-3 MTA->UUCP remote mail handler ii sendmail-base 8.13.4-3 powerful, efficient, and scalable ii sendmail-bin 8.13.4-3 powerful, efficient, and scalable ii sendmail-cf 8.13.4-3 powerful, efficient, and scalable ii sensible-mda 8.13.4-3 Mail Delivery Agent wrapper Versions of packages sensible-mda depends on: ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an ii procmail 3.22-11 Versatile e-mail processor ii sendmail-bin [mail-transpor 8.13.4-3 powerful, efficient, and scalable Versions of packages rmail depends on: ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an ii libldap2 2.1.30-8 OpenLDAP libraries ii sendmail-bin [mail-transpor 8.13.4-3 powerful, efficient, and scalable -- no debconf information
Information forwarded to debian-bugs-dist@lists.debian.org, Richard A Nelson (Rick) <cowboy@debian.org>
:
Bug#358440
; Package sendmail
.
(full text, mbox, link).
Acknowledgement sent to Blars Blarson <blarson@blars.org>
:
Extra info received and forwarded to list. Copy sent to Richard A Nelson (Rick) <cowboy@debian.org>
.
(full text, mbox, link).
Message #10 received at 358440@bugs.debian.org (full text, mbox, reply):
Package: sendmail Version: 8.13.4-3 Followup-For: Bug #358440 tags 358440 security thanks Cert also lists this bug: http://www.us-cert.gov/cas/techalerts/TA06-081A.html -- Package-specific info: Ouput of /usr/share/bug/sendmail/script: ls -alR /etc/mail: /etc/mail: total 251 -rw-r--r-- 1 root smmsp 128 Oct 31 2002 --help drwxr-sr-x 7 smmta smmsp 1024 Feb 23 14:31 . drwxr-xr-x 126 root root 6144 Mar 22 05:39 .. -rwxr-xr-- 1 root smmsp 9050 Aug 14 2005 Makefile -rw-r--r-- 1 root mail 6898 Dec 31 2001 Makefile.bad -rw-r--r-- 1 root mail 6897 Dec 31 2001 Makefile.fix -rw-r--r-- 1 root root 281 Jun 3 2005 address.resolve -rw-r--r-- 1 root smmsp 5406 Feb 23 14:31 aliases -rw-r----- 1 smmta smmsp 12288 Feb 23 14:31 aliases.db -rw-r--r-- 1 root root 3201 Aug 14 2005 databases -rw-r--r-- 1 mail mail 5588 Jun 3 2005 helpfile -rw-r--r-- 1 root smmsp 175 Oct 16 2003 local-host-names drwxr-sr-x 2 smmta smmsp 1024 Aug 14 2005 m4 drwxr-xr-x 2 root root 1024 Aug 14 2005 peers -rw-r--r-- 1 root smmsp 22 Oct 28 2002 relay-domains drwxr-xr-x 2 root smmsp 1024 Jun 3 2005 sasl -rw-r--r-- 1 root smmsp 47237 Sep 27 20:19 sendmail.cf -rw-r--r-- 1 root smmsp 300 Sep 27 20:19 sendmail.cf.errors -rw-r--r-- 1 root root 11883 Aug 14 2005 sendmail.conf -rw-r--r-- 1 root smmsp 3795 Aug 14 2005 sendmail.mc -rw-r--r-- 1 root smmsp 3198 Jul 14 2002 sendmail.mc.noosiru -rw-r--r-- 1 root smmsp 3298 Jul 14 2002 sendmail.mc.ok -rw-r--r-- 1 root root 149 Oct 25 1999 service.switch -rw-r--r-- 1 root root 180 Oct 25 1999 service.switch-nodns drwxr-sr-x 2 smmta smmsp 1024 Aug 18 2005 smrsh lrwxrwxrwx 1 root root 15 Aug 14 2005 spamassassin -> ../spamassassin -rw-r--r-- 1 root smmsp 43604 Aug 14 2005 submit.cf -rw-r--r-- 1 root smmsp 2014 Aug 14 2005 submit.mc drwxr-xr-x 2 smmta smmsp 1024 Aug 14 2005 tls -rw-r--r-- 1 root smmsp 0 Aug 14 2005 trusted-users /etc/mail/m4: total 2 drwxr-sr-x 2 smmta smmsp 1024 Aug 14 2005 . drwxr-sr-x 7 smmta smmsp 1024 Feb 23 14:31 .. -rw-r----- 1 root smmsp 0 Aug 14 2005 dialup.m4 -rw-r----- 1 root smmsp 0 Aug 14 2005 provider.m4 /etc/mail/peers: total 3 drwxr-xr-x 2 root root 1024 Aug 14 2005 . drwxr-sr-x 7 smmta smmsp 1024 Feb 23 14:31 .. -rw-r--r-- 1 root root 328 Jul 17 2001 provider /etc/mail/sasl: total 2 drwxr-xr-x 2 root smmsp 1024 Jun 3 2005 . drwxr-sr-x 7 smmta smmsp 1024 Feb 23 14:31 .. /etc/mail/smrsh: total 3 drwxr-sr-x 2 smmta smmsp 1024 Aug 18 2005 . drwxr-sr-x 7 smmta smmsp 1024 Feb 23 14:31 .. -rwxr-xr-x 1 root smmsp 82 Aug 18 2005 ecartis lrwxrwxrwx 1 root smmsp 26 Aug 14 2005 mail.local -> /usr/lib/sm.bin/mail.local lrwxrwxrwx 1 root smmsp 25 Aug 15 2005 mail2news -> /usr/local/sbin/mail2news lrwxrwxrwx 1 root smmsp 17 Aug 14 2005 procmail -> /usr/bin/procmail lrwxrwxrwx 1 root smmsp 17 Aug 14 2005 vacation -> /usr/bin/vacation /etc/mail/tls: total 19 drwxr-xr-x 2 smmta smmsp 1024 Aug 14 2005 . drwxr-sr-x 7 smmta smmsp 1024 Feb 23 14:31 .. -rw-r--r-- 1 root root 7 Aug 14 2005 no_prompt -rw------- 1 root root 1191 Aug 14 2005 sendmail-client.cfg -rw-r--r-- 1 root smmsp 1172 Aug 14 2005 sendmail-client.crt -rw------- 1 root root 989 Aug 14 2005 sendmail-client.csr -rw-r----- 1 root smmsp 1679 Aug 14 2005 sendmail-common.key -rw------- 1 root root 0 Aug 14 2005 sendmail-common.prm -rw------- 1 root root 1191 Aug 14 2005 sendmail-server.cfg -rw-r--r-- 1 root smmsp 1172 Aug 14 2005 sendmail-server.crt -rw------- 1 root root 989 Aug 14 2005 sendmail-server.csr -rwxr--r-- 1 root root 3137 Aug 14 2005 starttls.m4 sendmail.conf: DAEMON_NETMODE="Static"; DAEMON_NETIF="lo"; DAEMON_MODE="Daemon"; DAEMON_PARMS=""; DAEMON_HOSTSTATS="Yes"; DAEMON_MAILSTATS="No"; QUEUE_MODE="${DAEMON_MODE}"; QUEUE_INTERVAL="10m"; QUEUE_PARMS=""; MSP_MODE="Cron"; MSP_INTERVAL="20m"; MSP_PARMS=""; MSP_MAILSTATS="${DAEMON_MAILSTATS}"; MISC_PARMS=""; CRON_MAILTO="root"; CRON_PARMS=""; LOG_CMDS="No"; HANDS_OFF="No"; AGE_DATA=""; DAEMON_RUNASUSER="No"; DAEMON_STATS="${DAEMON_MAILSTATS}"; MSP_STATS="${MSP_MAILSTATS}"; sendmail.mc: divert(-1) divert(0) define(`_USE_ETC_MAIL_')dnl define(`confPRIVACY_FLAGS', `needmailhelo,authwarnings,novrfy,noexpn,norecipts,nobodyreturn')dnl define(`confMAX_MESSAGE_SIZE', `1400000')dnl include(`/usr/share/sendmail/cf/m4/cf.m4')dnl VERSIONID(`@(#)sendmail.mc 8.9.3-21 (Debian) 20000309') OSTYPE(`debian')dnl DOMAIN(`debian-mta')dnl LOCAL_CONFIG FEATURE(masquerade_envelope)dnl FEATURE(always_add_domain)dnl Cwblars.org FEATURE(`relay_entire_domain')dnl FEATURE(use_cw_file)dnl FEATURE(use_ct_file)dnl FEATURE(`nouucp', `reject')dnl FEATURE(`smrsh')dnl include(`/etc/mail/tls/starttls.m4')dnl FEATURE(`dnsbl',`list.dsbl.org',`"mail from open proxies and relays refused, see http://www.dsbl.org"')dnl FEATURE(`dnsbl',`sbl-xbl.spamhaus.org',`"mail from spammers refused, see http://www.spamhaus.org"') FEATURE(`dnsbl',`block.blars.org',`"mail from spamming sites refused, see http://www.blars.org/errors/block.html"')dnl define(`confME_TOO', True)dnl MAILER_DEFINITIONS MAILER(local)dnl MAILER(smtp)dnl LOCAL_CONFIG MASQUERADE_AS(blars.org)dnl LOCAL_RULESETS HContent-Type: $>CheckContentType HReturn-Receipt-To: $>ReturnReciept HX-MailScanner: $>MailScanner SCheckContentType Rtext/html$* $#error $: 553 html mail refused Rapplication/pgp$* $@ OK Rapplication$* $#error $: 553 non-text email refused Rimage$* $#error $: 553 non-text email refused R$*charset=koi$* $#error $: 553 non-english email refused R$* $@ OK SReturnReciept R$* $#error $: 553 Mail requesting return reciept rejected SMailScanner submit.mc... divert(-1)dnl divert(0)dnl define(`_USE_ETC_MAIL_')dnl include(`/usr/share/sendmail/cf/m4/cf.m4')dnl VERSIONID(`$Id: submit.mc, v 8.12.0.Beta19 2001/04/23 12:00:00 cowboy Exp $') OSTYPE(`debian')dnl DOMAIN(`debian-msp')dnl include(`/etc/mail/tls/starttls.m4')dnl FEATURE(`msp')dnl -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.4.27-2-686 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages sendmail depends on: ii rmail 8.13.4-3 MTA->UUCP remote mail handler ii sendmail-base 8.13.4-3 powerful, efficient, and scalable ii sendmail-bin 8.13.4-3 powerful, efficient, and scalable ii sendmail-cf 8.13.4-3 powerful, efficient, and scalable ii sensible-mda 8.13.4-3 Mail Delivery Agent wrapper Versions of packages sensible-mda depends on: ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an ii procmail 3.22-11 Versatile e-mail processor ii sendmail-bin [mail-transpor 8.13.4-3 powerful, efficient, and scalable Versions of packages rmail depends on: ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an ii libldap2 2.1.30-8 OpenLDAP libraries ii sendmail-bin [mail-transpor 8.13.4-3 powerful, efficient, and scalable Versions of packages libmilter0 depends on: ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an -- no debconf information -- Blars Blarson blarson@blars.org http://www.blars.org/blars.html With Microsoft, failure is not an option. It is a standard feature.
Tags added: security
Request was from Blars Blarson <blarson@blars.org>
to control@bugs.debian.org
.
(full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Richard A Nelson (Rick) <cowboy@debian.org>
:
Bug#358440
; Package sendmail
.
(full text, mbox, link).
Acknowledgement sent to Richard A Nelson <cowboy@debian.org>
:
Extra info received and forwarded to list. Copy sent to Richard A Nelson (Rick) <cowboy@debian.org>
.
(full text, mbox, link).
Message #17 received at 358440@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
sendmail 8.13.6 is already headed to unstable... and attached is a reworked patch that applies to 8.13.4-3 in stable On Wed, 22 Mar 2006, Blars Blarson wrote: > > Package: sendmail > Version: 8.13.4-3 > Followup-For: Bug #358440 > > > tags 358440 security > thanks > > Cert also lists this bug: > http://www.us-cert.gov/cas/techalerts/TA06-081A.html > > > -- Package-specific info: > Ouput of /usr/share/bug/sendmail/script: > > ls -alR /etc/mail: > /etc/mail: > total 251 > -rw-r--r-- 1 root smmsp 128 Oct 31 2002 --help > drwxr-sr-x 7 smmta smmsp 1024 Feb 23 14:31 . > drwxr-xr-x 126 root root 6144 Mar 22 05:39 .. > -rwxr-xr-- 1 root smmsp 9050 Aug 14 2005 Makefile > -rw-r--r-- 1 root mail 6898 Dec 31 2001 Makefile.bad > -rw-r--r-- 1 root mail 6897 Dec 31 2001 Makefile.fix > -rw-r--r-- 1 root root 281 Jun 3 2005 address.resolve > -rw-r--r-- 1 root smmsp 5406 Feb 23 14:31 aliases > -rw-r----- 1 smmta smmsp 12288 Feb 23 14:31 aliases.db > -rw-r--r-- 1 root root 3201 Aug 14 2005 databases > -rw-r--r-- 1 mail mail 5588 Jun 3 2005 helpfile > -rw-r--r-- 1 root smmsp 175 Oct 16 2003 local-host-names > drwxr-sr-x 2 smmta smmsp 1024 Aug 14 2005 m4 > drwxr-xr-x 2 root root 1024 Aug 14 2005 peers > -rw-r--r-- 1 root smmsp 22 Oct 28 2002 relay-domains > drwxr-xr-x 2 root smmsp 1024 Jun 3 2005 sasl > -rw-r--r-- 1 root smmsp 47237 Sep 27 20:19 sendmail.cf > -rw-r--r-- 1 root smmsp 300 Sep 27 20:19 sendmail.cf.errors > -rw-r--r-- 1 root root 11883 Aug 14 2005 sendmail.conf > -rw-r--r-- 1 root smmsp 3795 Aug 14 2005 sendmail.mc > -rw-r--r-- 1 root smmsp 3198 Jul 14 2002 sendmail.mc.noosiru > -rw-r--r-- 1 root smmsp 3298 Jul 14 2002 sendmail.mc.ok > -rw-r--r-- 1 root root 149 Oct 25 1999 service.switch > -rw-r--r-- 1 root root 180 Oct 25 1999 service.switch-nodns > drwxr-sr-x 2 smmta smmsp 1024 Aug 18 2005 smrsh > lrwxrwxrwx 1 root root 15 Aug 14 2005 spamassassin -> ../spamassassin > -rw-r--r-- 1 root smmsp 43604 Aug 14 2005 submit.cf > -rw-r--r-- 1 root smmsp 2014 Aug 14 2005 submit.mc > drwxr-xr-x 2 smmta smmsp 1024 Aug 14 2005 tls > -rw-r--r-- 1 root smmsp 0 Aug 14 2005 trusted-users > > /etc/mail/m4: > total 2 > drwxr-sr-x 2 smmta smmsp 1024 Aug 14 2005 . > drwxr-sr-x 7 smmta smmsp 1024 Feb 23 14:31 .. > -rw-r----- 1 root smmsp 0 Aug 14 2005 dialup.m4 > -rw-r----- 1 root smmsp 0 Aug 14 2005 provider.m4 > > /etc/mail/peers: > total 3 > drwxr-xr-x 2 root root 1024 Aug 14 2005 . > drwxr-sr-x 7 smmta smmsp 1024 Feb 23 14:31 .. > -rw-r--r-- 1 root root 328 Jul 17 2001 provider > > /etc/mail/sasl: > total 2 > drwxr-xr-x 2 root smmsp 1024 Jun 3 2005 . > drwxr-sr-x 7 smmta smmsp 1024 Feb 23 14:31 .. > > /etc/mail/smrsh: > total 3 > drwxr-sr-x 2 smmta smmsp 1024 Aug 18 2005 . > drwxr-sr-x 7 smmta smmsp 1024 Feb 23 14:31 .. > -rwxr-xr-x 1 root smmsp 82 Aug 18 2005 ecartis > lrwxrwxrwx 1 root smmsp 26 Aug 14 2005 mail.local -> /usr/lib/sm.bin/mail.local > lrwxrwxrwx 1 root smmsp 25 Aug 15 2005 mail2news -> /usr/local/sbin/mail2news > lrwxrwxrwx 1 root smmsp 17 Aug 14 2005 procmail -> /usr/bin/procmail > lrwxrwxrwx 1 root smmsp 17 Aug 14 2005 vacation -> /usr/bin/vacation > > /etc/mail/tls: > total 19 > drwxr-xr-x 2 smmta smmsp 1024 Aug 14 2005 . > drwxr-sr-x 7 smmta smmsp 1024 Feb 23 14:31 .. > -rw-r--r-- 1 root root 7 Aug 14 2005 no_prompt > -rw------- 1 root root 1191 Aug 14 2005 sendmail-client.cfg > -rw-r--r-- 1 root smmsp 1172 Aug 14 2005 sendmail-client.crt > -rw------- 1 root root 989 Aug 14 2005 sendmail-client.csr > -rw-r----- 1 root smmsp 1679 Aug 14 2005 sendmail-common.key > -rw------- 1 root root 0 Aug 14 2005 sendmail-common.prm > -rw------- 1 root root 1191 Aug 14 2005 sendmail-server.cfg > -rw-r--r-- 1 root smmsp 1172 Aug 14 2005 sendmail-server.crt > -rw------- 1 root root 989 Aug 14 2005 sendmail-server.csr > -rwxr--r-- 1 root root 3137 Aug 14 2005 starttls.m4 > > sendmail.conf: > DAEMON_NETMODE="Static"; > DAEMON_NETIF="lo"; > DAEMON_MODE="Daemon"; > DAEMON_PARMS=""; > DAEMON_HOSTSTATS="Yes"; > DAEMON_MAILSTATS="No"; > QUEUE_MODE="${DAEMON_MODE}"; > QUEUE_INTERVAL="10m"; > QUEUE_PARMS=""; > MSP_MODE="Cron"; > MSP_INTERVAL="20m"; > MSP_PARMS=""; > MSP_MAILSTATS="${DAEMON_MAILSTATS}"; > MISC_PARMS=""; > CRON_MAILTO="root"; > CRON_PARMS=""; > LOG_CMDS="No"; > HANDS_OFF="No"; > AGE_DATA=""; > DAEMON_RUNASUSER="No"; > DAEMON_STATS="${DAEMON_MAILSTATS}"; > MSP_STATS="${MSP_MAILSTATS}"; > > > sendmail.mc: > divert(-1) > divert(0) > define(`_USE_ETC_MAIL_')dnl > define(`confPRIVACY_FLAGS', `needmailhelo,authwarnings,novrfy,noexpn,norecipts,nobodyreturn')dnl > define(`confMAX_MESSAGE_SIZE', `1400000')dnl > include(`/usr/share/sendmail/cf/m4/cf.m4')dnl > VERSIONID(`@(#)sendmail.mc 8.9.3-21 (Debian) 20000309') > OSTYPE(`debian')dnl > DOMAIN(`debian-mta')dnl > LOCAL_CONFIG > FEATURE(masquerade_envelope)dnl > FEATURE(always_add_domain)dnl > Cwblars.org > FEATURE(`relay_entire_domain')dnl > FEATURE(use_cw_file)dnl > FEATURE(use_ct_file)dnl > FEATURE(`nouucp', `reject')dnl > FEATURE(`smrsh')dnl > include(`/etc/mail/tls/starttls.m4')dnl > FEATURE(`dnsbl',`list.dsbl.org',`"mail from open proxies and relays refused, see http://www.dsbl.org"')dnl > FEATURE(`dnsbl',`sbl-xbl.spamhaus.org',`"mail from spammers refused, see http://www.spamhaus.org"') > FEATURE(`dnsbl',`block.blars.org',`"mail from spamming sites refused, see http://www.blars.org/errors/block.html"')dnl > define(`confME_TOO', True)dnl > MAILER_DEFINITIONS > MAILER(local)dnl > MAILER(smtp)dnl > LOCAL_CONFIG > MASQUERADE_AS(blars.org)dnl > LOCAL_RULESETS > HContent-Type: $>CheckContentType > HReturn-Receipt-To: $>ReturnReciept > HX-MailScanner: $>MailScanner > SCheckContentType > Rtext/html$* $#error $: 553 html mail refused > Rapplication/pgp$* $@ OK > Rapplication$* $#error $: 553 non-text email refused > Rimage$* $#error $: 553 non-text email refused > R$*charset=koi$* $#error $: 553 non-english email refused > R$* $@ OK > SReturnReciept > R$* $#error $: 553 Mail requesting return reciept rejected > SMailScanner > > submit.mc... > divert(-1)dnl > divert(0)dnl > define(`_USE_ETC_MAIL_')dnl > include(`/usr/share/sendmail/cf/m4/cf.m4')dnl > VERSIONID(`$Id: submit.mc, v 8.12.0.Beta19 2001/04/23 12:00:00 cowboy Exp $') > OSTYPE(`debian')dnl > DOMAIN(`debian-msp')dnl > include(`/etc/mail/tls/starttls.m4')dnl > FEATURE(`msp')dnl > > > -- System Information: > Debian Release: 3.1 > Architecture: i386 (i686) > Kernel: Linux 2.4.27-2-686 > Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) > > Versions of packages sendmail depends on: > ii rmail 8.13.4-3 MTA->UUCP remote mail handler > ii sendmail-base 8.13.4-3 powerful, efficient, and scalable > ii sendmail-bin 8.13.4-3 powerful, efficient, and scalable > ii sendmail-cf 8.13.4-3 powerful, efficient, and scalable > ii sensible-mda 8.13.4-3 Mail Delivery Agent wrapper > > Versions of packages sensible-mda depends on: > ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an > ii procmail 3.22-11 Versatile e-mail processor > ii sendmail-bin [mail-transpor 8.13.4-3 powerful, efficient, and scalable > > Versions of packages rmail depends on: > ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an > ii libldap2 2.1.30-8 OpenLDAP libraries > ii sendmail-bin [mail-transpor 8.13.4-3 powerful, efficient, and scalable > > Versions of packages libmilter0 depends on: > ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an > > -- no debconf information > > -- Rick Nelson <knghtbrd> add a GF2/3, a sizable hard drive, and a 15" flat panel and you've got a pretty damned portable machine. <Coderjoe> a GeForce Two-Thirds? <knghtbrd> Coderjoe: yes, a GeForce two-thirds, ie, any card from ATI.
[8.13.5.p0 (text/plain, attachment)]
Reply sent to Richard A Nelson (Rick) <cowboy@debian.org>
:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Paul Szabo <psz@maths.usyd.edu.au>
:
Bug acknowledged by developer.
(full text, mbox, link).
Message #22 received at 358440-close@bugs.debian.org (full text, mbox, reply):
Source: sendmail Source-Version: 8.13.6-1 We believe that the bug you reported is fixed in the latest version of sendmail, which is due to be installed in the Debian FTP archive: libmilter-dev_8.13.6-1_i386.deb to pool/main/s/sendmail/libmilter-dev_8.13.6-1_i386.deb libmilter0-dbg_8.13.6-1_i386.deb to pool/main/s/sendmail/libmilter0-dbg_8.13.6-1_i386.deb libmilter0_8.13.6-1_i386.deb to pool/main/s/sendmail/libmilter0_8.13.6-1_i386.deb rmail_8.13.6-1_i386.deb to pool/main/s/sendmail/rmail_8.13.6-1_i386.deb sendmail-base_8.13.6-1_all.deb to pool/main/s/sendmail/sendmail-base_8.13.6-1_all.deb sendmail-bin_8.13.6-1_i386.deb to pool/main/s/sendmail/sendmail-bin_8.13.6-1_i386.deb sendmail-cf_8.13.6-1_all.deb to pool/main/s/sendmail/sendmail-cf_8.13.6-1_all.deb sendmail-doc_8.13.6-1_all.deb to pool/main/s/sendmail/sendmail-doc_8.13.6-1_all.deb sendmail_8.13.6-1.diff.gz to pool/main/s/sendmail/sendmail_8.13.6-1.diff.gz sendmail_8.13.6-1.dsc to pool/main/s/sendmail/sendmail_8.13.6-1.dsc sendmail_8.13.6-1_all.deb to pool/main/s/sendmail/sendmail_8.13.6-1_all.deb sendmail_8.13.6.orig.tar.gz to pool/main/s/sendmail/sendmail_8.13.6.orig.tar.gz sensible-mda_8.13.6-1_i386.deb to pool/main/s/sendmail/sensible-mda_8.13.6-1_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 358440@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Richard A Nelson (Rick) <cowboy@debian.org> (supplier of updated sendmail package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Format: 1.7 Date: Wed, 22 Mar 2006 20:50:00 -0000 Source: sendmail Binary: libmilter-dev rmail sendmail sendmail-doc libmilter0 sendmail-cf sensible-mda libmilter0-dbg sendmail-base sendmail-bin Architecture: source all i386 Version: 8.13.6-1 Distribution: unstable Urgency: high Maintainer: Richard A Nelson (Rick) <cowboy@debian.org> Changed-By: Richard A Nelson (Rick) <cowboy@debian.org> Description: libmilter-dev - Sendmail Mail Filter API (Milter) libmilter0 - Sendmail Mail Filter API (Milter) libmilter0-dbg - Sendmail Mail Filter API (Milter) rmail - MTA->UUCP remote mail handler sendmail - powerful, efficient, and scalable Mail Transport Agent sendmail-base - powerful, efficient, and scalable Mail Transport Agent sendmail-bin - powerful, efficient, and scalable Mail Transport Agent sendmail-cf - powerful, efficient, and scalable Mail Transport Agent sendmail-doc - powerful, efficient, and scalable Mail Transport Agent sensible-mda - Mail Delivery Agent wrapper Closes: 358440 Changes: sendmail (8.13.6-1) unstable; urgency=high . * Fix race condition, potentially allowing remote execution of arbitrary code [CVE-2006-0058]. Using upstream patch 8.13.5.p0 (Closes: #358440) . * Add libmilter0-dbg to help those building milter packages Files: 34efdb67861ab448baa2a10caf9f791a 1023 mail extra sendmail_8.13.6-1.dsc b996d4d22478b5aa116b506cf7400560 1979683 mail extra sendmail_8.13.6.orig.tar.gz 74a732ecb00e1cfaa1e0e11ff93b7099 368392 mail extra sendmail_8.13.6-1.diff.gz 4df87f65dd5d68ed5305552464950755 823398 doc extra sendmail-doc_8.13.6-1_all.deb 55f243a6fc1abe25dbade6f303811d6a 195934 mail extra sendmail_8.13.6-1_all.deb 8e9d457855fea3d653a3d5bc24f03f61 345924 mail extra sendmail-base_8.13.6-1_all.deb ccbd2e1b4a66262fda4c33a2d52733fa 282990 mail extra sendmail-cf_8.13.6-1_all.deb 3e46d63614d9e6bb023215967d8f8131 829494 mail extra sendmail-bin_8.13.6-1_i386.deb 5d309120d3c24763d22e486e07f8b309 227184 mail extra rmail_8.13.6-1_i386.deb 78d19d51371d339b30f4352ad513e097 201450 mail extra sensible-mda_8.13.6-1_i386.deb 4f39d46066f6c05753ffcc2cb34c351a 252514 libs extra libmilter0_8.13.6-1_i386.deb ee4feab6ea12ffa0c9eb3f9a468e99b0 195490 libs extra libmilter0-dbg_8.13.6-1_i386.deb 0ff744b8d06645596c5348514581cd12 292350 libdevel extra libmilter-dev_8.13.6-1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iQCVAwUBRCLy66VTksHk9ElFAQGaTAP/aUo/Rc+TK4h8M+03e7l1A/7abkMz5kFI Z4M4H53ilGpxqg9P2hsvrGHLocPbcjTG8oxf4BfpJ3Pu29qN8VHdBLBmES7c8tYf JNJHjF1v/w6HNi1Hy1D9ET+mUQZwfCiEiHGK3t2AmINXsHTKPRxz+VL8YhKjas80 +iDd0hPhB98= =RJx/ -----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Mon, 25 Jun 2007 08:04:58 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.
Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.