005: SECURITY FIX: August 25, 2006

2006-08-29T00:00:00
ID SECURITYVULNS:DOC:14068
Type securityvulns
Reporter Securityvulns
Modified 2006-08-29T00:00:00

Description

A potential denial of service problem has been found in sendmail. A message with really long header lines could trigger a use-after-free bug causing sendmail to crash.

Apply by doing: cd /usr/src patch -p0 < 005_sendmail3.patch

And then rebuild and install sendmail: cd gnu/usr.sbin/sendmail make obj make depend make make install

Index: gnu/usr.sbin/sendmail/sendmail/main.c

RCS file: /cvs/src/gnu/usr.sbin/sendmail/sendmail/main.c,v retrieving revision 1.21 retrieving revision 1.21.8.1 diff -u -p -r1.21 -r1.21.8.1 --- gnu/usr.sbin/sendmail/sendmail/main.c 24 Jun 2004 03:59:27 -0000 1.21 +++ gnu/usr.sbin/sendmail/sendmail/main.c 8 Aug 2006 20:20:42 -0000 1.21.8.1 @@ -2893,6 +2893,7 @@ finis(drop, cleanup, exitstat) dropenvelope(CurEnv, true, false); sm_rpool_free(CurEnv->e_rpool); CurEnv->e_rpool = NULL; + CurEnv->e_to = NULL; } else poststats(StatFile);