SECURITYVULNS:DOC:13159
Jun 15, 2006

Sendmail 8.13.7


sendmail.org

Sendmail, Inc., and the Sendmail Consortium announce the availability of sendmail 8.13.7. It fixes a potential denial of service problem caused by excessive recursion which leads to stack exhaustion when attempting delivery of a malformed MIME message. Therefore, the function mime8to7() has been modified to limit the recursion level at (the compile time constant) MAXMIMENESTING.

Note: This denial of service attack only affects delivery of mail from the queue and delivery of a malformed message. Other incoming mail is still accepted and delivered. However, mail messages in the queue may not be reattempted if a malformed MIME message exists.

If you cannot upgrade immediately and your system runs into this problem, then you can try one of the following workarounds:

* install a milter to block messages that could trigger the problem.
* unlimit the stack size and limit the size of incoming messages.
* change the queue run strategy to avoid the impact of crashes by selecting one of these options:
      o enable ForkEachJob
      o set QueueSortOrder to random 
  See doc/op/op.* and cf/README about these options. 
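
The check a filtering milter would need for the first workaround, as an added example that is not part of the sendmail announcement or source: it measures how deeply multipart containers are nested without recursing itself. The names mime_nesting_depth and build_nested are hypothetical, and two things are assumptions: that nested multipart containers are the structure to measure, and that the MAXMIMENESTING value of 20 from the release notes is a suitable rejection threshold.

```python
from email.parser import HeaderParser

MAXMIMENESTING = 20  # limit value quoted in the 8.13.7 release notes (assumed threshold)


def mime_nesting_depth(raw: str, cap: int = MAXMIMENESTING) -> int:
    """Depth of nested multipart containers; stops counting at cap + 1."""
    boundaries = []    # stack of open multipart boundaries, outermost first
    header_lines = []  # header block of the entity currently being read
    in_headers, deepest = True, 0
    for line in raw.splitlines():
        if in_headers:
            if line.strip():
                header_lines.append(line)
                continue
            # Blank line ends the header block: parse only these headers.
            hdrs = HeaderParser().parsestr("\n".join(header_lines) + "\n\n")
            header_lines, in_headers = [], False
            boundary = hdrs.get_boundary()
            if hdrs.get_content_maintype() == "multipart" and boundary:
                boundaries.append(boundary)
                deepest = max(deepest, len(boundaries))
                if deepest > cap:
                    return deepest  # stop early so the stack stays bounded
            continue
        # Body line: match delimiters of open multiparts, innermost first.
        text = line.rstrip()
        for level in range(len(boundaries) - 1, -1, -1):
            delim = "--" + boundaries[level]
            if text == delim + "--":   # close delimiter ends that multipart
                del boundaries[level:]
                break
            if text == delim:          # delimiter starts the next part
                del boundaries[level + 1:]
                in_headers = True
                break
    return deepest


def build_nested(levels: int) -> str:
    """Constructed sample: `levels` multipart containers around one text part."""
    lines = ["From: a@example.org", "MIME-Version: 1.0"]
    for i in range(levels):
        lines += [f'Content-Type: multipart/mixed; boundary="b{i}"', "", f"--b{i}"]
    lines += ["Content-Type: text/plain", "", "hello"]
    lines += [f"--b{i}--" for i in reversed(range(levels))]
    return "\r\n".join(lines) + "\r\n"
```

A filter would reject or quarantine a message when mime_nesting_depth(raw) is greater than MAXMIMENESTING. The scanner does not descend into message/rfc822 attachments, so a filter that cares about those has to unwrap them first.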

Errata

* (2006-04-14) If shared memory is used then a regression in 8.13.7 can cause the MTA to report that it is out of disk space ("low on space") and reject incoming mail. Either turn off shared memory
  # key for shared memory; 0 to turn off
  O SharedMemoryKey=0
  or apply a patch. 

For those not running the open source version, check with your vendor for a patch. If you use the commercial version from Sendmail, Inc. then please see their advisory.

For a full list of changes see the release notes down below.

Remember to check the PGP signatures of releases obtained via FTP or HTTP.

Please send bug reports and general feedback to the appropriate e-mail address.

The version can be found at

ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.7.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.7.tar.gz.sig
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.7.tar.Z
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.7.tar.Z.sig
or on a mirror near to you.

You either need the first two files or the third and fourth, i.e., the gzip'ed version or the compressed version and the corresponding sig file. The PGP signature was created using the Sendmail Signing Key/2006, also available on the public key servers.

MD5 signatures:

MD5 (sendmail.8.13.7.tar.Z) = fff614180192995ff5b2c8660aa86594
MD5 (sendmail.8.13.7.tar.gz) = 5327e065cb0c1919122c8cecbeddbc28

Since sendmail 8.11 and later includes hooks to cryptography, the following information from OpenSSL applies to sendmail as well.

PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS ARE NOT LIABLE FOR ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY. 

		SENDMAIL RELEASE NOTES
  $Id: RELEASE_NOTES,v 8.1777.2.6 2006/06/05 22:32:41 ca Exp $

This listing shows the version of the sendmail binary, the version of the sendmail configuration files, the date of release, and a summary of the changes in that release.

8.13.7/8.13.7 2006/06/14
	A malformed MIME structure with many parts can cause sendmail to
		crash while trying to send a mail due to a stack overflow,
		e.g., if the stack size is limited (ulimit -s). This
		happens because the recursion of the function mime8to7()
		was not restricted. The function is called for MIME 8 to
		7 bit conversion and also to enforce MaxMimeHeaderLength.
		To work around this problem, recursive calls are limited to
		a depth of MAXMIMENESTING (20); message content after this
		limit is treated as opaque and is not checked further.
		Problem noted by Frank Sheiness.
	The changes to the I/O layer in 8.13.6 caused a regression for
		SASL mechanisms that use the security layer, e.g.,
		DIGEST-MD5. Problem noted by Robert Stampfli.
	If a timeout occurs while reading a message (during the DATA phase)
		a df file might have been left behind in the queue.
		This was another side effect of the changes to the I/O
		layer made in 8.13.6.
	Several minor problems have been fixed that were found by a
		Coverity scan of sendmail 8 as part of the NetBSD
		distribution. See http://scan.coverity.com/
		Note: the scan generated also a lot of "false positives",
		e.g., "error" reports about situations that cannot happen.
		Most of those code places are marked with lint(1) comments
		like NOTREACHED, but Coverity does not understand those.
		Hence an explicit assertion has been added in some cases
		to avoid those false positives.
	If the start of the sendmail daemon fails due to a configuration
		error then in some cases shared memory segments or pid
		files were not removed.
	If DSN support is disabled via access_db, then related ESMTP
		parameters for MAIL and RCPT should be rejected. Problem
		reported by Akihiro Sagawa.
	Enabling zlib compression in OpenSSL 0.9.8[ab] breaks the padding
		bug work-around. Hence if sendmail is linked against
		either of these versions and compression is available,
		the padding bug work-around is turned off. Based on
		patch from Victor Duchovni of Morgan Stanley.
	CONFIG: FEATURE(`dnsbl') and FEATURE(`enhdnsbl') used
		blackholes.mail-abuse.org as default domain for lookups,
		however, that list is no longer available. To avoid
		further problems, no default value is available anymore,
		but an argument must be specified.
	Portability:
		Fix compilation on OSF/1 for sfsasl.c. Patch from
			Pieter Bowman of the University of Utah.
