From owner-announce-jp@jp.FreeBSD.org Thu Aug 28 17:07:54 2003
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) id h7S87su63357;
	Thu, 28 Aug 2003 17:07:54 +0900 (JST)
	(envelope-from owner-announce-jp@jp.FreeBSD.org)
Message-Id: <20030828.161031.48494077.hrs@eos.ocn.ne.jp>
To: announce-jp@jp.FreeBSD.org
From: Hiroki Sato <hrs@jp.FreeBSD.org>
In-Reply-To: <200308261643.h7QGhV2h025304@freefall.freebsd.org>
References: <200308261643.h7QGhV2h025304@freefall.freebsd.org>
X-PGPkey-fingerprint: BDB3 443F A5DD B3D0 A530  FFD7 4F2C D3D8 2793 CF2D
X-Mailer: Mew version 3.3 on Emacs 20.7 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
X-ML-maintainer: owner-announce-jp@jp.FreeBSD.org
Precedence: list
Date: Thu, 28 Aug 2003 16:10:31 +0900
X-Sequence: announce-jp 1170
Subject: Re: ANNOUNCE: [FreeBSD-Announce] FreeBSD Security Advisory
 FreeBSD-SA-03:11.sendmail
Sender: owner-announce-jp@jp.FreeBSD.org
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+030821


FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG(B
=============================================================================
FreeBSD-SA-03:11.sendmail (2003-08-26)
 * sendmail DNS map problem
=============================================================================

 $B$3$N%a!<%k$O!"(Bannounce-jp $B$KN.$l$?(B

  Subject: ANNOUNCE: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-03:11.sendmail 
  From: FreeBSD Security Advisories <security-advisories@freebsd.org>
  Date: Tue, 26 Aug 2003 09:43:31 -0700 (PDT)
  Message-Id: <200308261643.h7QGhV2h025304@freefall.freebsd.org>
  X-Sequence: announce-jp 1168

 $B$rF|K\8lLu$7$?$b$N$G$9!#(B

 $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,!"$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s!#(B
 $B=$@5%Q%C%AEy$NFbMF$,2~$6$s$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B=pL>$N(B
 $B%A%'%C%/$r9T$J$&$K$O!"86J8$r;2>H$7$F$/$@$5$$!#(B

 $BF|K\8lLu$*$h$S%_%i!<%5%$%HMxMQ$N>\:Y$K$D$$$F$O!"J8Kv$N!V(BA. FreeBSD
 $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F!W$r$4Mw$/$@$5$$!#(B


                                     [$BK]Lu<T(B: $B:4F#(B $B9-@8(B <hrs@jp.FreeBSD.org>]
--($B$3$3$+$i(B)
=============================================================================
FreeBSD-SA-03:11.sendmail                                   Security Advisory
                                                          The FreeBSD Project

$B%H%T%C%/(B:       sendmail $B$N(B DNS $B%^%C%WLdBj(B
                (sendmail DNS map problem)

$BJ,N`(B:           contrib
$B%b%8%e!<%k(B:     contrib_sendmail
$B9pCNF|(B:         2003-08-26
$B%/%l%8%C%H(B:     Oleg Bulyzhin <oleg@rinet.ru>
$B1F6AHO0O(B:       4.6-RELEASE (-p16 $B$^$G$r4^$`$9$Y$F(B),
                4.7-RELEASE (-p13 $B$^$G$r4^$`$9$Y$F(B),
                4.8-RELEASE (-p3 $B$^$G$r4^$`$9$Y$F(B),
                5.0-RELEASE (-p11 $B$^$G$r4^$`$9$Y$F(B)
                2003 $BG/(B 5 $B7n(B 29 $BF|(B 19 $B;~(B 33 $BJ,(B 18 $BIC(B ($B@$3&6(Dj;~(B) $B$h$jA0$N(B
                4-STABLE
$B=$@5F|(B:         2003-08-25 22:33:14 UTC (RELENG_5_0)
                2003-08-25 22:35:23 UTC (RELENG_4_8)
                2003-08-25 22:36:10 UTC (RELENG_4_7)
                2003-08-25 22:38:53 UTC (RELENG_4_6)
FreeBSD $B$K8GM-$+(B:       NO

$B>e5-$N9`L\$d%;%-%e%j%F%#%V%i%s%A!"0J2<$N3F@a$D$$$F$N@bL@$J$I!"(B
FreeBSD $B%;%-%e%j%F%#4+9p$K$D$$$F$N0lHLE*$J>pJs$O!"(B
<URL:http://www.freebsd.org/security/> $B$r$4Mw$/$@$5$$!#(B


I.   $BGX7J(B - Background

FreeBSD $B$G$O!"%G%U%)%k%H$NEE;R%a!<%kG[Aw%(!<%8%'%s%H(B (MTA) $B$H$7$F!"(B
sendmail(8) $B$H$$$&HFMQ$N%M%C%H%o!<%/4V%a!<%kG[Aw%=%U%H%&%'%"$r(B
$B:NMQ$7$F$$$^$9!#(B


II.  $BLdBj$N>\:Y(B - Problem Description

sendmail $B$N$$$/$D$+$N%P!<%8%g%s(B (8.12.0 $B$+$i(B 8.12.8) $B$K$O!"(B
DNS $B%^%C%W$r<BAu$7$?%3!<%I$K!"%W%m%0%i%`$N8m$j$,B8:_$7$^$9!#(B
$B0[>o$J(B DNS $B1~Ez%Q%1%C%H$rAw$k$3$H$G!"(Bsendmail $B$,=i4|2=$5$l$F$$$J$$(B
$B%]%$%s%?$KBP$7$F(B free() $B4X?t$r<B9T$9$k$h$&$K;E8~$1$k$3$H$,(B
$B$G$-$k2DG=@-$,$"$j$^$9!#(B

$BCm(B: FreeBSD $B$N%G%U%)%k%H$N(B sendmail $B@_Dj$G$O!"(BDNS $B%^%C%W$O(B
    $B;HMQ$5$l$F$$$^$;$s!#(B


III. $B1F6AHO0O(B - Impact

$B=i4|2=$5$l$F$$$J$$%]%$%s%?$K(B free() $B4X?t$r<B9T$7$?>l9g!"(Bsendmail $B$N(B
$B;R%W%m%;%9$,%/%i%C%7%e$9$k2DG=@-$,$"$j$^$9!#$^$?967b<T$O!"(B
$B$3$N=i4|2=$5$l$F$$$J$$%]%$%s%?$NCM$r$"$kDxEY@)8f$7$F!"G$0U$N%a%b%jNN0h$r(B
$B2rJ|$9$k$3$H$,$G$-$k$+$bCN$l$^$;$s!#$3$N<eE@$,!"B>$N0-MQ2DG=$J(B
$B%;%-%e%j%F%#>e$N<eE@$NMW0x$H$J$k2DG=@-$O$"$j$^$9$,!"$=$N$h$&$J%1!<%9$O(B
$B:#$N$H$3$mH/8+$5$l$F$$$^$;$s!#(B


IV.  $B2sHrJ}K!(B - Workaround

DNS $B%^%C%W$r;H$o$J$$$G$/$@$5$$!#(B


V.   $B2r7h:v(B - Solution

$B<!$N$$$:$l$+0l$D$K=>$C$F$/$@$5$$!#(B

1) $B<eE@$r;}$C$?(B FreeBSD $B%7%9%F%`$r!":G?7$N(B 4.8-STABLE $B$+(B 5.1-RELEASE$B!"(B
   $B$b$7$/$O=$@5F|0J9_$N(B RELENG_5_1 (5.1-RELEASE-p2), RELENG_4_8
   (4.8-RELEASE-p4), RELENG_4_7 (4.7-RELEASE-p14)
   $B%;%-%e%j%F%#%V%i%s%A$N$$$:$l$+$K%"%C%W%0%l!<%I$9$k!#(B

2) $B8=:_$N%7%9%F%`$K=$@5%Q%C%A$rE,MQ$9$k!#(B

$B0J2<$N=$@5%Q%C%A$O!"(BFreeBSD 5.0$B!"(B4.8$B!"(B4.7$B!"(B4.6 $B$N3F%7%9%F%`$K(B
$BE,MQ2DG=$J$3$H$,3NG'$5$l$F$$$k$b$N$G$9!#(B

a) $B0J2<$N>l=j$+$i=$@5%Q%C%A$r%@%&%s%m!<%I$7!"(BPGP $B%f!<%F%#%j%F%#$r;H$C$F(B
   PGP $B=pL>$r8!>Z$7$^$9!#(B

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:11/sendmail.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:11/sendmail.patch.asc

b) root $B8"8B$G<!$N%3%^%s%I$r<B9T$7$^$9!#(B

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/lib/libsm
# make obj && make depend && make
# cd /usr/src/lib/libsmutil
# make obj && make depend && make
# cd /usr/src/usr.sbin/sendmail
# make obj && make depend && make && make install

($BLuCm(B: /path/to/patch $B$NItJ,$O!"=$@5%Q%C%A$N%Q%9L>$KCV$-49$($F$/$@$5$$(B)

c) sendmail $B$r:F5/F0$7$^$9!#(Broot $B8"8B$G<!$N%3%^%s%I$r<B9T$7$F$/$@$5$$!#(B

# /bin/sh /etc/rc.sendmail restart


VI.  $B=$@5$N>\:Y(B - Correction details

FreeBSD $B$K$*$$$F:#2s=$@5$5$l$?3F%U%!%$%k$N%j%S%8%g%sHV9f$O!"0J2<$N$H$*$j$G$9!#(B

$B%Q%9L>(B                                                           $B%j%S%8%g%s(B
  $B%V%i%s%A(B
- -------------------------------------------------------------------------
src/UPDATING
  RELENG_5_0                                                   1.229.2.17
  RELENG_4_8                                                1.73.2.80.2.6
  RELENG_4_7                                               1.73.2.74.2.17
  RELENG_4_6                                               1.73.2.68.2.45
src/sys/conf/newvers.sh
  RELENG_5_0                                                    1.48.2.12
  RELENG_4_8                                                1.44.2.29.2.5
  RELENG_4_7                                               1.44.2.26.2.16
  RELENG_4_6                                               1.44.2.23.2.34
src/contrib/sendmail/src/sm_resolve.c
  RELENG_5_0                                                  1.1.1.4.2.1
  RELENG_4_8                                              1.1.1.1.2.2.4.1
  RELENG_4_7                                              1.1.1.1.2.2.2.1
  RELENG_4_6                                              1.1.1.1.2.1.2.2
- -------------------------------------------------------------------------


VII. $B;29M;qNA(B - References

<URL:http://www.sendmail.org/dnsmap1.html>
<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0688>


A.   FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F(B

$BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B (doc-jp) $B$,(B
$B;29M$N$?$a$KDs6!$9$k$b$N$G$9!#2a5n$NF|K\8lHG%;%-%e%j%F%#4+9p$O(B

 http://www.FreeBSD.org/ja/security/

$B$K$^$H$a$i$l$F$$$^$9!#(B

$B$?$@$7K]Lu<T$*$h$S(B doc-jp $B$O!"$=$NFbMF$K$D$$$F$$$+$J$kJ]>Z$b(B
$B$$$?$7$^$;$s$N$G$4Cm0U$/$@$5$$!#F|K\8lLu$K$D$$$F$N$40U8+!"$4MWK>!"(B
$B$*Ld$$9g$o$;Ey$O(B doc-jp@jp.FreeBSD.org $B$^$G$*4j$$$7$^$9!#(B

$B$3$N4+9p$NCf$G>R2p$5$l$F$$$k(B WWW $B%5%$%H(B http://www.FreeBSD.org/ $B$*$h$S(B
FTP $B%5%$%H(B ftp://ftp.FreeBSD.org/ $B$K$O!"F|K\$N%_%i!<%5%$%H$,B8:_$7$^$9!#(B
$B%M%C%H%o!<%/$N:.;($r4KOB$9$k$?$a!"$^$:$O%_%i!<%5%$%H$NMxMQ$r(B
$B9MN8$9$k$h$&$*4j$$$7$^$9!#(B

$BF|K\$N%_%i!<%5%$%H$rMxMQ$9$k$K$O!"(B
http://www.FreeBSD.org/ $B$r(B http://www.jp.FreeBSD.org/www.freebsd.org/ $B$K!"(B
ftp://ftp.FreeBSD.org/ $B$r(B ftp://ftp.jp.FreeBSD.org/ $B$K!"(B
$B$=$l$>$lCV$-49$($F$/$@$5$$!#(B

$BB>$NCO0h$r4^$`%_%i!<%5%$%H$K4X$9$k>\:Y$O(B

 http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mirrors.html ($B1QJ8(B)
 http://www.FreeBSD.org/doc/ja_JP.eucJP/books/handbook/mirrors.html ($BF|K\8lLu(B)

$B$K$^$H$a$i$l$F$$$^$9!#(B

