Sendmail 8.12.1

Sendmail, Inc., and the Sendmail Consortium announce the availability of sendmail 8.12.1.

A potential security problem has been uncovered in 8.12.0 which might be exploited locally by malicious users to gain access to the client mail queue. However, as long as the MTA accepts local connections, the possible consequences of this potential local exploit are small.

Notice: some operating systems don't provide a way to completely drop privileges from a set-group-ID program. In that case sendmail refuses to run if unsafe options are given. The program test/t_dropgid.c can be used to test which calls work on an operating system. This program shows that recent versions of FreeBSD and NetBSD are not vulnerable in their standard configuration. However, to be sure, please run the test on your system to decide whether you need to upgrade.

Notice: if sendmail 8.12.1 fails to run on your OS with the error message:

	drop_privileges: Unable to drop set-group-ID privileges

compile sendmail and libsm with

	-DSM_CONF_CANT_SETRGID

and try again.

Notice: Normal users can't run the MSP queue by default in 8.12.1 to minimize problems with potential misconfigurations.

sendmail 8.12.1 also fixes a few other small problems found in 8.12.0, as listed in the RELEASE NOTES below. The version can be found at


ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.1.tar.Z

ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.1.tar.gz

ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.1.tar.sig

MD5 signatures:
0c3c0442c138d5b00a48ca48d95a71eb sendmail.8.12.1.tar.gz
69bee71f4c021f3e948b09afb69458f2 sendmail.8.12.1.tar.Z
1e89d89a8c7907580ac28321a914cf5a sendmail.8.12.1.tar.gz.sig

You only need one of the first two files (either the gzip'ed version or the compressed version). The .sig file contains the PGP signature of the tar file (after uncompressing it). The PGP signature was created using the Sendmail Signing Key/2001, available on the web site (http://www.sendmail.org/) or on the public key servers.

Since sendmail 8.11 and later includes hooks to cryptography, the following information from OpenSSL applies to sendmail as well.

PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS ARE NOT LIABLE FOR ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.

8.12.1/8.12.1	2001/10/01
	SECURITY: Check whether dropping group privileges actually succeeded
		to avoid possible compromises of the mail system by
		supplying bogus data.  Add configuration options for
		different set*gid() calls to reset saved gid.  Problem
		found by Michal Zalewski.
	PRIVACY: Prevent information leakage when sendmail has extra
		privileges by disabling debugging (command line -d flag)
		during queue runs and disabling ETRN when sendmail -bs is
		used.  Suggested by Michal Zalewski.
	Avoid memory corruption problems resulting from bogus .cf files.
		Problem found by Michal Zalewski.
	Set the ${server_addr} macro to name of mailer when doing LMTP
		delivery.  LMTP systems may offer SMTP Authentication or
		STARTTLS causing sendmail to use this macro in rulesets.
	If debugging is turned on (-d0.10) print not just the default
		values for configuration file and pid file but also the
		selected values.  Problem noted by Brad Chapman.
	Continue dealing with broken nameservers by ignoring SERVFAIL
		errors returned on T_AAAA (IPv6) lookups at delivery time
		if ResolverOptions=WorkAroundBrokenAAAA is set.  Previously
		this only applied to hostname canonification.  Problem
		noted by Bill Fenner of AT&T Research.
	Ignore comments in NIS host records when trying to find the
		canonical name for a host.
	When sendmail has extra privileges, limit mail submission command
		line flags (i.e., -G, -h, -F, etc.)  to mail submission
		operating modes (i.e., -bm, -bs, -bv, etc.).  Idea based on
		suggestion from Michal Zalewski.
	Portability:
		AIX: Use `oslevel` if available to determine OS version.
			`uname` does not give complete information.
			Problem noted by Keith Neufeld of the Cessna
			Aircraft Company.
		OpenUNIX: Use lockf() for LDA delivery (affects mail.local).
			Problem noticed by Boyd Lynn Gerber of ZENEX.
		Avoid compiler warnings by not using pointers to pass
			integers.  Problem noted by Todd C. Miller of
			Courtesan Consulting.
	CONFIG: Add restrictqrun to PrivacyOptions for the MSP to minimize
		problems with potential misconfigurations.
	CONFIG: Fix comment showing default value of MaxHopCount.  Problem
		noted by Greg Robinson of the Defence Science and
		Technology Organisation of Australia.
	CONFIG: dnsbl: If an argument specifies an error message in case
		of temporary lookup failures for DNS based blacklists
		then use it.
	LIBMILTER: Install mfdef.h, required by mfapi.h.  Problem noted by
		Richard A. Nelson of Debian.
	LIBMILTER: Add __P definition for OS that lack it.  Problem noted
		by Chris Adams from HiWAAY Informations Services.
	LIBSMDB: Fix a lock race condition that affects makemap, praliases,
		and vacation.
	MAKEMAP: Avoid going beyond the end of an input line if it does
		not contain a value for a key.  Based on patch from
		Mark Bixby from Hewlett-Packard.
	New Files:
		test/Build
		test/Makefile
		test/Makefile.m4
		test/README
		test/t_dropgid.c
		test/t_setgid.c
	Deleted Files:
		include/sm/stdio.h
		include/sm/sysstat.h
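
The SECURITY entry in the release notes above asks for a check that dropping group privileges actually succeeded, including the saved gid. The following is an added example of such a check; it is not sendmail's code and not the contents of test/t_dropgid.c. The function and enum names are hypothetical, and setregid() is assumed here as one of the set*gid() variants.

```c
/* Added example: not sendmail's code and not test/t_dropgid.c. */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum drop_status {
    DROP_OK = 0,
    DROP_CALL_FAILED,  /* the set*gid() call returned an error */
    DROP_IDS_WRONG,    /* call returned 0 but real/effective gid are not the target */
    DROP_REGAINABLE    /* saved gid survived: the old effective gid came back */
};

/* Verify the drop instead of trusting the return value of set*gid(). */
enum drop_status check_drop(gid_t target, gid_t old_egid)
{
    if (getgid() != target || getegid() != target)
        return DROP_IDS_WRONG;
    /* Probe the saved gid: an unprivileged process may only switch its
     * effective gid to the real or saved gid, so this call must fail.
     * With effective uid 0 any gid is allowed, so the probe is skipped. */
    if (old_egid != target && geteuid() != 0 && setegid(old_egid) == 0)
        return DROP_REGAINABLE;
    return DROP_OK;
}

/* Drop set-group-ID privileges for good, keeping only the real gid. */
enum drop_status drop_setgid_privileges(void)
{
    gid_t target = getgid();     /* gid of the invoking user */
    gid_t old_egid = getegid();  /* gid granted by the set-group-ID bit */

    /* Assumption: setregid() resets the saved gid on this OS; this is
     * exactly what differs between systems and has to be tested. */
    if (setregid(target, target) != 0)
        return DROP_CALL_FAILED;
    return check_drop(target, old_egid);
}

int main(void)
{
    enum drop_status st = drop_setgid_privileges();
    if (st != DROP_OK) {
        fprintf(stderr, "unable to drop set-group-ID privileges (%d)\n", st);
        return 1;  /* refuse to continue with leftover privileges */
    }
    printf("real gid %ld, effective gid %ld\n", (long)getgid(), (long)getegid());
    return 0;
}
```

The saved-gid probe only exercises the interesting path when the binary is installed set-group-ID and run by an unprivileged user; run without the set-group-ID bit, the function reports DROP_OK because there is nothing to drop.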