Sendmail 8.13.6 release notes
SECURITYVULNS:DOC:11900, Mar 22, 2006 (via vulners.com)

8.13.6/8.13.6 2006/03/22
SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
and client side of sendmail with timeouts in the libsm I/O
layer and fix problems in that code. Also fix handling of
a buffer in sm_syslog() which could have been used as an
attack vector to exploit the unsafe handling of
setjmp(3)/longjmp(3) in combination with signals.
Problem detected by Mark Dowd of ISS X-Force.
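The first item replaces signal-driven setjmp/longjmp timeouts with timeouts inside the I/O layer. The following is an added example, not sendmail's or libsm's code: a read with a deadline implemented with poll(2), so that a slow peer is handled by a return value instead of an alarm handler longjmp'ing out of whatever the process was doing. The pipe, the SMTP-style banner and the timeouts in the self-check are constructed.

```c
/* Added example (not sendmail's code): a read(2) with a deadline done
 * in the I/O layer with poll(2), instead of an alarm(2) handler that
 * longjmp(3)s out of a blocked read.  A longjmp from a signal handler
 * abandons whatever the interrupted code was in the middle of (malloc,
 * stdio buffers, errno), which is what made the old pattern unsafe;
 * a poll-based timeout never interrupts anything. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Read up to len bytes from fd, waiting at most timeout_ms for data.
 * Returns bytes read, 0 on EOF, or -1 with errno set (ETIMEDOUT when
 * the deadline passes).  EINTR from poll is retried; for brevity the
 * wait restarts with the full timeout rather than the remaining time. */
ssize_t read_with_timeout(int fd, void *buf, size_t len, int timeout_ms)
{
    struct pollfd pfd;
    int rc;

    pfd.fd = fd;
    pfd.events = POLLIN;
    for (;;) {
        rc = poll(&pfd, 1, timeout_ms);
        if (rc < 0 && errno == EINTR)
            continue;           /* a signal arrived: wait again */
        break;
    }
    if (rc < 0)
        return -1;              /* poll failed, errno already set */
    if (rc == 0) {
        errno = ETIMEDOUT;      /* deadline passed with no data */
        return -1;
    }
    return read(fd, buf, len);  /* POLLIN/POLLHUP: read will not block */
}

/* Constructed self-check: a pipe with one SMTP-style line written to it
 * is read within the deadline; a second read on the now-empty pipe must
 * report ETIMEDOUT instead of hanging.  Returns 0 on success. */
int demo_pipe_timeout(void)
{
    int fds[2];
    char buf[64];
    ssize_t n;
    const char line[] = "220 mail.example.test ESMTP\r\n"; /* constructed */

    if (pipe(fds) != 0)
        return 1;
    if (write(fds[1], line, sizeof line - 1) != (ssize_t)(sizeof line - 1))
        return 2;
    n = read_with_timeout(fds[0], buf, sizeof buf, 1000);
    if (n != (ssize_t)(sizeof line - 1) || memcmp(buf, line, (size_t)n) != 0)
        return 3;
    /* write end still open, nothing more written: must time out */
    n = read_with_timeout(fds[0], buf, sizeof buf, 100);
    if (n != -1 || errno != ETIMEDOUT)
        return 4;
    close(fds[0]);
    close(fds[1]);
    return 0;
}

int main(void)
{
    printf("demo_pipe_timeout: %d\n", demo_pipe_timeout());
    return 0;
}
```

Because the timeout is a return value, the caller (here the SMTP client or server loop) can close the connection and free its state normally; no code path is ever entered from a signal handler.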
Handle theoretical integer overflows that could be triggered if
the server accepted headers larger than the maximum
(signed) integer value. This is prevented in the default
configuration by restricting the size of a header, and on
most machines memory allocations would fail before reaching
those values. Problems found by Phil Brass of ISS.
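The header-size item describes a size counter that could wrap once it passed INT_MAX. As an added example (not sendmail's code), the following shows the usual defensive pattern: compare the incoming length against the room left under the limit instead of adding first and checking afterwards, and refuse the size_t-to-int conversion when the value does not fit. The 4096-byte limit and 1000-byte lines in the self-check are constructed; the page names no default limit.

```c
/* Added example (not sendmail's code): overflow-safe accumulation of
 * header bytes against a configured limit. */
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Add one more header line of line_len bytes to *total, refusing it
 * if the sum would exceed max_size or wrap around.  Returns 0 when
 * accepted, -1 when refused (*total is then left unchanged). */
int header_size_add(size_t *total, size_t line_len, size_t max_size)
{
    /* max_size - *total is the room left; comparing against it cannot
     * overflow, whereas computing *total + line_len first can wrap. */
    if (*total > max_size || line_len > max_size - *total)
        return -1;
    *total += line_len;
    return 0;
}

/* Convert a checked size to the int an older interface expects,
 * refusing anything above INT_MAX instead of letting it go negative. */
int size_to_int(size_t n, int *out)
{
    if (n > (size_t)INT_MAX)
        return -1;
    *out = (int)n;
    return 0;
}

/* Constructed self-check with a hypothetical 4096-byte header limit and
 * ten 1000-byte lines.  Returns the number of lines accepted. */
int demo_header_limit(void)
{
    size_t total = 0;
    int accepted = 0;
    int i;

    for (i = 0; i < 10; i++)
        if (header_size_add(&total, 1000, 4096) == 0)
            accepted++;
    return accepted;            /* 4: 4000 fits, 5000 does not */
}

/* Constructed wrap-around check: a total already near SIZE_MAX must be
 * refused rather than wrapping to a small number.  Returns 1 if so. */
int demo_no_wraparound(void)
{
    size_t total = SIZE_MAX - 10;
    int rc = header_size_add(&total, 20, SIZE_MAX);
    return rc == -1 && total == SIZE_MAX - 10;
}

/* Constructed conversion check: INT_MAX + 1 must be refused, a small
 * value must round-trip.  Returns 1 if both hold. */
int demo_int_conversion(void)
{
    int v = 0;
    if (size_to_int((size_t)INT_MAX + 1, &v) != -1)
        return 0;
    return size_to_int(5, &v) == 0 && v == 5;
}

int main(void)
{
    printf("accepted=%d nowrap=%d conv=%d\n", demo_header_limit(),
           demo_no_wraparound(), demo_int_conversion());
    return 0;
}
```

The check against the remaining room is the part worth remembering: with a configured maximum in place the limit rejects oversized headers long before any counter approaches INT_MAX, which is the "prevented in the default configuration" case the note describes.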
If a server returns 421 for an RSET command when trying to start
another transaction in a session while sending mail, do
not trigger an internal consistency check. Problem found
by Allan E Johannesen of Worcester Polytechnic Institute.
If a server returns a 5xy error code (other than 501) in response
to a STARTTLS command, despite the fact that it advertised
STARTTLS and that the code is not valid according to RFC
2487, treat it nevertheless as a permanent failure instead
of a protocol error (which had been changed to a
temporary error in 8.13.5). Problem reported by Jeff
A. Earickson of Colby College.
Clear SMTP state after a HELO/EHLO command. Patch from John
Myers of Proofpoint.
Observe the MinQueueAge option when gathering entries from the queue
for sorting etc., instead of waiting until the entries are
processed. Patch from Brian Fundakowski Feldman.
Set up TLS session cache to properly handle clients that try to
resume a stored TLS session.
Properly count the number of (direct) child processes such that
a configured value (MaxDaemonChildren) is not exceeded.
Based on patch from Attila Bruncsak.
LIBMILTER: Remove superfluous backslash in macro definition
(libmilter.h). Based on patch from Mike Kupfer of
Sun Microsystems.
LIBMILTER: Don't try to set SO_REUSEADDR on UNIX domain sockets.
This generates an error message from libmilter on
Solaris, though other systems appear to just discard the
request silently.
LIBMILTER: Deal with sigwait(2) implementations that return
-1 and set errno instead of returning an error code
directly. Patch from Chris Adams of HiWAAY Informations
Services.
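The sigwait item is about two incompatible return conventions: POSIX sigwait returns the error number directly (0 on success), while some implementations return -1 and set errno. As an added example (not libmilter's code), the wrapper below folds both into the POSIX convention so that callers have one rule; the self-check that blocks SIGUSR1, makes it pending with raise(3) and collects it is constructed.

```c
/* Added example (not libmilter's code): normalize sigwait(2) return
 * conventions.  POSIX: returns 0 or an error number.  Old-style:
 * returns -1 and sets errno.  Callers of this wrapper only ever see
 * the POSIX form. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>

int sigwait_compat(const sigset_t *set, int *sig)
{
    int rc;

    errno = 0;
    rc = sigwait(set, sig);
    if (rc == -1)               /* old-style failure: error is in errno */
        return errno != 0 ? errno : EINVAL;
    return rc;                  /* POSIX style: 0 or the error number */
}

/* Constructed self-check: block SIGUSR1 so raise(3) leaves it pending,
 * then collect it through the wrapper.  Returns the signal number
 * collected, or -1 on any failure. */
int demo_collect_pending_signal(void)
{
    sigset_t set, old;
    int sig = 0;

    sigemptyset(&set);
    sigaddset(&set, SIGUSR1);
    if (sigprocmask(SIG_BLOCK, &set, &old) != 0)
        return -1;
    if (raise(SIGUSR1) != 0)
        return -1;
    if (sigwait_compat(&set, &sig) != 0)
        return -1;
    sigprocmask(SIG_SETMASK, &old, NULL);
    return sig;
}

int main(void)
{
    printf("collected signal %d (SIGUSR1=%d)\n",
           demo_collect_pending_signal(), SIGUSR1);
    return 0;
}
```

Resetting errno before the call matters: on an old-style implementation a stale errno from an earlier call would otherwise be reported as the reason for the failure.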
Portability:
Fix compilation checks for closefrom(3) and statvfs(2)
in NetBSD. Problem noted by S. Moonesamy, patch from
Andrew Brown.