Computer Security

Security Advisory: 005: SECURITY FIX: August 25, 2006
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Sendmail long mail header DoS

From:OPENBSD
Date:29.08.2006
Subject:005: SECURITY FIX: August 25, 2006

A potential denial of service problem has been found in sendmail. A message with really long header lines could trigger a use-after-free bug causing sendmail to crash.

Apply by doing:
cd /usr/src
patch -p0 < 005_sendmail3.patch

And then rebuild and install sendmail:
cd gnu/usr.sbin/sendmail
make obj
make depend
make
make install

Index: gnu/usr.sbin/sendmail/sendmail/main.c
===================================================================
RCS file: /cvs/src/gnu/usr.sbin/sendmail/sendmail/main.c,v
retrieving revision 1.21
retrieving revision 1.21.8.1
diff -u -p -r1.21 -r1.21.8.1
--- gnu/usr.sbin/sendmail/sendmail/main.c 24 Jun 2004 03:59:27 -0000 1.21
+++ gnu/usr.sbin/sendmail/sendmail/main.c 8 Aug 2006 20:20:42 -0000 1.21.8.1
@@ -2893,6 +2893,7 @@ finis(drop, cleanup, exitstat)
dropenvelope(CurEnv, true, false);
sm_rpool_free(CurEnv->e_rpool);
CurEnv->e_rpool = NULL;
+ CurEnv->e_to = NULL;
}
else
poststats(StatFile);

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru