CERT reported (VU#146718) a vulnerability in Sendmail (up to 8.13.6) triggered by malformed multipart messages, a PoC is available and has been tested. The issue results in a denial of service condition due to stack space memory exhaustion. A forked process (not the main daemon) will exit abnormally and core dump in some cases when triggered with this condition. The issue can be worked around by limiting the maximum message size accepted with the MaxMessageSize option. This issue will be public Wednesday June 14 at 16:00 UTC 2006. I'm attaching an ebuild for 8.13.6 with provided patch. This is not likely to be the only change that will be present in the soon to be released 8.13.7 but if we manage to get it stable we'll likely able to provide an updated ebuild before waiting for 8.13.7 ebuild arch stabilization.
Created attachment 88081 [details, diff] sendmail-CVE-2006-1173.patch sendmail patch for CVE-2006-1173
Created attachment 88082 [details, diff] sendmail-8.13.6-r1.ebuild sendmail-8.13.6-r1 ebuild
Arch liaisons (sp?), please test and report back if stable, _don't_ commit anything yet as this is sekrit. Thanks
blah, exchanging sparc <-> gustavoz ... I'm an idiot
seems sane on x86
looks fine for amd64.
looks good on ppc64
Looks ok to me (sparc).
Looking good on arm
Looks good on ppc
Looks good on hppa
Still missing test on: alpha ia64 s390, of which only alpha is security supported. Kloeri please test and report back.
(In reply to comment #12) > Still missing test on: alpha ia64 s390, of which only alpha is security > supported. > > Kloeri please test and report back. I haven't been able to reach kloeri today and jaervosz asked me to test it on alpha, so I did. Looks good on alpha.
Andrea please commit, this is public now.
Unless anybody can point to arbitrary code execution, this sounds more like a B3.
@Arches please test and mark 8.13.7 stable. 8.13.6-r1 comitted directly to stable. Upstream release 8.13.7 uses a different patch than 8.13.6-r1 so marking the upstream stable to be safe. @Security: This one is theoretically ready for GLSA decision. I vote YES.
I vote YES too. More info here http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc After committing the ebuilds I tested 8.13.7 and it looks good on x86 and amd to me (in case this helps).
@Security please vote, the draft is ready.
I vote yes for this one.
/me says yes
GLSA 200606-19 Moving to enhancement for stable marking.
Hi arches, regarding comment #16, and the 2 errata from sendmail.org / see ebuild ChangeLog : 16 Jun 2006; Andrea Barisani <lcars@gentoo.org> +files/errata-8.13.7-1.patch, +files/errata-8.13.7-2.patch, +sendmail-8.13.7-r1.ebuild: Revision bump with 2 errata published by sendmail.org. please stabilize 8.13.7-r1 Letting in enhancement scope since the GLSA has already been sent.
sparc stable, again!
x86 motivated for now...
ppc64 stable
stable on alpha and amd64.
stable on hppa
ppc stable
Closing since all "supported" arches are now stable, thanks to all. s390 & ia64, don't forget to mark stable too when you want to.