| Summary: | sendmail new security issue CVE-2023-51765 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | andrewsfarm, pfortin, sysadmin-bugs |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA9-64-OK | | |
| Source RPM: | sendmail-8.17.1-4.mga9.src.rpm | CVE: | CVE-2023-51765 |
| Status comment: | | | |
Description

Nicolas Salguero
2024-01-08 10:06:49 CET

Nicolas Salguero
2024-01-08 10:07:36 CET
Whiteboard: (none) => MGA9TOO

Christiaan put up the current version, and looks to be the main sendmail maintainer; assigning to you.
Assignee: bugsquad => cjw

also applies to Postfix: http://www.postfix.org/smtp-smuggling.html https://nvd.nist.gov/vuln/detail/CVE-2023-51764
and exim: https://nvd.nist.gov/vuln/detail/CVE-2023-51766
CC: (none) => pfortin

(In reply to Pierre Fortin from comment #2)
> also applies to Postfix: http://www.postfix.org/smtp-smuggling.html
> https://nvd.nist.gov/vuln/detail/CVE-2023-51764

That issue was already fixed in bug 32647.

> and exim: https://nvd.nist.gov/vuln/detail/CVE-2023-51766

exim is not provided by Mageia.

Best regards,
Nicolas Salguero
2024-03-29 11:51:09 CET
Whiteboard: MGA9TOO => (none)

Debian has patches for CVE-2023-51765 for version 8.17.1:
https://sources.debian.org/data/main/s/sendmail/8.17.1.9-2%2Bdeb12u2/debian/patches/0024-CVE-2023-51765.patch
and
https://sources.debian.org/data/main/s/sendmail/8.17.1.9-2%2Bdeb12u2/debian/patches/reject_nul.patch

Suggested advisory:
========================

The updated packages fix a security vulnerability:

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not. This is resolved in 8.18 and later versions with 'o' in srv_features. (CVE-2023-51765)

References:
https://www.openwall.com/lists/oss-security/2023/12/21/6
https://www.openwall.com/lists/oss-security/2023/12/26/5
========================

Updated packages in core/updates_testing:
========================
lib(64)milter1.0-8.17.1-4.1.mga9
lib(64)milter-devel-8.17.1-4.1.mga9
sendmail-8.17.1-4.1.mga9
sendmail-cf-8.17.1-4.1.mga9
sendmail-doc-8.17.1-4.1.mga9

from SRPM:
sendmail-8.17.1-4.1.mga9.src.rpm

Status comment: Fixed in Version 8.18.0.2 => (none)
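The end-of-data disagreement behind the advisory text, shown as an added example that is not sendmail's code, Debian's patch, or anything from this bug: RFC 5321 ends the DATA phase only at <CR><LF>.<CR><LF>, so a receiver that also honours <LF>.<CR><LF> ends the message early and parses what follows as fresh SMTP commands, while a strict relay in front of it forwards the same bytes as one body. The `split_data`, `nonstandard_terminators` and `receive_data` functions, the `SAMPLE` stream and the extra bare-CR/LF variants in `LENIENT_EODS` are all constructed for illustration; the receive-side policy models a strict RFC 5321 receiver and makes no claim about what the srv_features 'o' option or the Debian patches do internally.

```python
import re

# Added example, not sendmail's code.  Models the end-of-DATA disagreement
# behind CVE-2023-51765: RFC 5321 ends DATA only at <CR><LF>.<CR><LF>; a
# lenient receiver that also accepts <LF>.<CR><LF> ends the message early and
# reads what follows as new SMTP commands, while a strict relay in front of it
# forwards the whole blob as one body.

STRICT_EOD = b"\r\n.\r\n"
# <LF>.<CR><LF> is the sequence named in the advisory; the other entries are
# constructed variants so the checker also covers bare-CR and bare-LF framing.
LENIENT_EODS = (STRICT_EOD, b"\n.\r\n", b"\n.\n", b"\r.\r\n", b"\r.\r")

# A lone "." line with any mix of CR / LF / CRLF around it.
_DOT_LINE = re.compile(rb"(\r\n|\r|\n)\.(\r\n|\r|\n)")


def split_data(stream: bytes, terminators=(STRICT_EOD,)):
    """Split a DATA stream at the earliest accepted terminator.

    Returns (body, remainder); body is None if no terminator was seen yet.
    A virtual CRLF is prefixed so a terminator at the very start of DATA
    (an empty message) is found too.
    """
    buf = b"\r\n" + stream
    best = None
    for t in terminators:
        i = buf.find(t)
        if i >= 0 and (best is None or i < best[0]):
            best = (i, t)
    if best is None:
        return None, stream
    i, t = best
    return buf[2:i], buf[i + len(t):]


def nonstandard_terminators(stream: bytes):
    """Offsets into stream, and exact bytes, of lone '.' lines not framed by CRLF on both sides."""
    buf = b"\r\n" + stream
    hits = []
    for m in _DOT_LINE.finditer(buf):
        if m.group(0) != STRICT_EOD:
            hits.append((max(m.start() - 2, 0), m.group(0)))
    return hits


def receive_data(stream: bytes):
    """Assumed receiver-side policy (not sendmail's): accept only RFC 5321 framing.

    A stream containing a non-standard lone-dot line is rejected outright
    rather than terminated early, so no trailing bytes get re-parsed as commands.
    """
    bad = nonstandard_terminators(stream)
    if bad:
        off, seq = bad[0]
        return "reject", "non-standard end-of-data sequence %r at offset %d" % (seq, off)
    body, rest = split_data(stream, (STRICT_EOD,))
    if body is None:
        return "incomplete", "no <CR><LF>.<CR><LF> seen yet"
    return "accept", body


# Constructed sample DATA stream: a legitimate body, then <LF>.<CR><LF>, then
# bytes a lenient receiver would read as fresh commands for a second message.
SAMPLE = (b"Subject: hello\r\n\r\nlegit body line\r\n"
          b"\n.\r\n"
          b"MAIL FROM:<spoofed@example.org>\r\nRCPT TO:<victim@example.net>\r\nDATA\r\n"
          b"Subject: second\r\n\r\nsmuggled\r\n"
          b"\r\n.\r\n")

if __name__ == "__main__":
    strict_body, strict_rest = split_data(SAMPLE, (STRICT_EOD,))
    lenient_body, lenient_rest = split_data(SAMPLE, LENIENT_EODS)
    print("strict relay forwards %d bytes as one message, %d left over"
          % (len(strict_body), len(strict_rest)))
    print("lenient receiver ends message after %d bytes; %d bytes re-parsed as commands"
          % (len(lenient_body), len(lenient_rest)))
    print("receiver policy:", receive_data(SAMPLE)[0])
```

Run stand-alone it prints the two byte counts side by side: the strict split returns the whole stream minus its final terminator, the lenient split stops after the first body line and leaves the "MAIL FROM:" bytes over, and `receive_data` rejects the stream instead of ending the message early. On a message framed only with CRLF it returns `("accept", body)`, and on a stream with no terminator yet it returns `"incomplete"`, which is the state an SMTP server is in while DATA is still arriving.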
katnatek
2024-07-05 18:32:43 CEST
Keywords: (none) => advisory

LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (32-bit)" is up-to-date
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date
medium "BDK-Free-x86_64" is up-to-date
medium "BDK-Free-noarch" is up-to-date
medium "BDK-NonFree-x86_64" is up-to-date
installing sendmail-8.17.1-4.1.mga9.x86_64.rpm lib64milter1.0-8.17.1-4.1.mga9.x86_64.rpm sendmail-cf-8.17.1-4.1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing... ##################################################################################################
1/3: sendmail-cf ##################################################################################################
2/3: lib64milter1.0 ##################################################################################################
3/3: sendmail ##################################################################################################
1/3: removing sendmail-cf-8.17.1-4.mga9.x86_64
##################################################################################################
2/3: removing lib64milter1.0-8.17.1-4.mga9.x86_64
##################################################################################################
3/3: removing sendmail-8.17.1-4.mga9.x86_64
##################################################################################################
urpmq --whatrequires-recursive lib64milter1.0|uniq
clamav-milter
lib64milter-devel
lib64milter1.0
opendkim
opendmarc
pagure-milters
python3-pymilter
Could not find info about testing lib64milter1.0, so proceeding with sending mail.
Reference Bug#13431 comment#7
systemctl start sendmail.service
systemctl status sendmail.service
● sendmail.service - Sendmail Mail Transport Agent
Loaded: loaded (/usr/lib/systemd/system/sendmail.service; disabled; preset: disabled)
Active: active (running) since Fri 2024-07-05 10:48:50 CST; 8s ago
Process: 297076 ExecStartPre=/usr/bin/newaliases (code=exited, status=0/SUCCESS)
Process: 297081 ExecStartPre=/usr/bin/make -C /etc/mail -s (code=exited, status=0/SUCCESS)
Process: 297087 ExecStart=/bin/sh -c exec /usr/sbin/sendmail.sendmail $DAEMONOPTIONS -bd $(if [ -n "$QUEUE" ]; then echo -q$QUEU>
Main PID: 297089 (sendmail.sendma)
Tasks: 5 (limit: 6904)
Memory: 5.3M
CPU: 213ms
CGroup: /system.slice/sendmail.service
├─297089 "sendmail: accepting connections"
├─297108 "sendmail: gmail-smtp-in.l.google.com.: idle"
├─297115 "sendmail: ./465GmpW1297104 from queue"
├─297116 procmail -f root@jgrey.phoenix -Y -a "" -d root
└─297118 procmail -f MAILER-DAEMON@localhost.localdomain -Y -a "" -d katnatek
jul 05 10:48:52 jgrey.phoenix sendmail[297106]: 465GmqVp297106: SYSERR(root): hash map "generics": missing map file /etc/mail/generi>
jul 05 10:48:52 jgrey.phoenix sendmail[297108]: 465GmqVp297108: SYSERR(root): hash map "generics": missing map file /etc/mail/generi>
jul 05 10:48:52 jgrey.phoenix sendmail[297112]: 465GmqVp297112: SYSERR(root): hash map "generics": missing map file /etc/mail/generi>
jul 05 10:48:52 jgrey.phoenix sendmail[297106]: 465GmqVp297106: to=<katnatek@jgrey.phoenix>, delay=00:00:00, xdelay=00:00:00, mailer>
jul 05 10:48:52 jgrey.phoenix sendmail[297112]: 465GmqVp297112: to=<katnatek@jgrey.phoenix>, delay=00:00:00, xdelay=00:00:00, mailer>
jul 05 10:48:52 jgrey.phoenix sendmail[297110]: 465GmpVt297104: to=<j.alberto.vc@gmail.com>, ctladdr=<katnatek@jgrey.phoenix> (1000/>
jul 05 10:48:52 jgrey.phoenix sendmail[297110]: 465GmpVt297104: 465GmqVp297110: DSN: Service unavailable
jul 05 10:48:52 jgrey.phoenix sendmail[297110]: 465GmqVp297110: SYSERR(root): hash map "generics": missing map file /etc/mail/generi>
jul 05 10:48:52 jgrey.phoenix sendmail[297110]: 465GmqVp297110: to=<katnatek@jgrey.phoenix>, delay=00:00:00, xdelay=00:00:00, mailer>
jul 05 10:48:53 jgrey.phoenix sendmail[297113]: 465GmpVx297104: to=<root@jgrey.phoenix>, ctladdr=<root@jgrey.phoenix> (0/0), delay=0>
Tiene correo nuevo en /var/spool/mail/root
mail
s-nail version v14.9.24. Type `?' for help
/var/spool/mail/root: 2 messages 2 new
▸N 1 root 2024-07-05 10:48 72/4007 "[msec] *** Security Check on jgrey.phoenix, jul 05 10:48:02 *** "
N 2 root 2024-07-05 10:48 68/6217 "[msec] *** Diff Check on jgrey.phoenix, jul 05 10:48:02 *** "
& 1
[-- Message 1 -- 72 lines, 4007 bytes --]:
From: root <root@jgrey.phoenix>
Message-Id: <202407051648.465Gm6DE295382@jgrey.phoenix>
Date: Fri, 05 Jul 2024 10:48:06 -0600
To: root@jgrey.phoenix
Subject: [msec] *** Security Check on jgrey.phoenix, jul 05 10:48:02 ***
*** Security Check, jul 05 10:48:02 ***
*** Check type: daily ***
*** Check executed from: /etc/cron.daily/msec ***
Report summary:
Test started: jul 05 10:48:02
Test finished: jul 05 10:48:05
Total of unsecure user files: 2
Total of user files that should not be writable: 2
Total of open network ports: 27
Total of configured firewall rules: 234
Total local users: 59
Total local group: 97
Issues found in /etc/shadow file: 1
Detailed report:
Security Warning: these files shouldn't be owned by someone else or readable :
- /home/katnatek/.gnupg/secring.gpg : file is group readable.
- /home/katnatek/.gnupg/secring.gpg : file is other readable.
Security Warning: theses files should not be owned by someone else or writable :
- /home/katnatek/.ssh : file is group writable.
- /home/katnatek/.config : file is group writable.
These are the ports listening on your machine :
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State Program name
tcp 0 0 0.0.0.0:terabase 0.0.0.0:* LISTEN nxd
tcp 0 0 jgrey.local:ssh 0.0.0.0:* LISTEN sshd: /usr/sb
tcp 0 0 localhost:icl-twobase2 0.0.0.0:* LISTEN nxrunner.bin
tcp 0 0 localhost:entextnetwk 0.0.0.0:* LISTEN nxnode.bin
tcp 0 0 localhost:24529 0.0.0.0:* LISTEN nxserver.bin
tcp 0 0 localhost:24528 0.0.0.0:* LISTEN nxserver.bin
tcp 0 0 jgrey.local:domain 0.0.0.0:* LISTEN dnsmasq
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN httpd
tcp 0 0 0.0.0.0:https 0.0.0.0:* LISTEN httpd
tcp 0 0 localhost:afs3-callback 0.0.0.0:* LISTEN nxnode.bin
tcp6 0 0 [::]:terabase [::]:* LISTEN nxd
tcp6 0 0 localhost:afs3-callback [::]:* LISTEN nxnode.bin
udp 0 0 0.0.0.0:bootps 0.0.0.0:* dnsmasq
udp 0 0 localhost:323 0.0.0.0:* chronyd
udp 9216 0 jgrey.local:mdns 0.0.0.0:* nxserver.bin
udp 9216 0 jgrey.local:mdns 0.0.0.0:* nxserver.bin
udp 2688 0 0.0.0.0:mdns 0.0.0.0:* nxserver.bin
udp 0 0 0.0.0.0:mdns 0.0.0.0:* avahi-daemon: r
udp 0 0 0.0.0.0:39763 0.0.0.0:* avahi-daemon: r
udp 0 0 0.0.0.0:terabase 0.0.0.0:* nxd
udp 0 0 jgrey.local:domain 0.0.0.0:* dnsmasq
udp6 0 0 localhost:323 [::]:* chronyd
udp6 0 0 [::]:mdns [::]:* avahi-daemon: r
udp6 0 0 [::]:pmcdproxy [::]:* avahi-daemon: r
udp6 0 0 [::]:terabase [::]:* nxd
I just want to know if the warnings

jul 05 10:48:52 jgrey.phoenix sendmail[297106]: 465GmqVp297106: SYSERR(root): hash map "generics": missing map file /etc/mail/generi>

are expected, or whether something is missing or configuration is needed.
Keywords: (none) => feedback
Nicolas, are the warnings

jul 05 10:48:52 jgrey.phoenix sendmail[297106]: 465GmqVp297106: SYSERR(root): hash map "generics": missing map file /etc/mail/generi>

a blocker for this or not?

Hi,

I am not an expert but, according to https://www.linuxquestions.org/questions/linux-networking-3/syserr-root-hash-map-generics-missing-map-file-etc-mail-genericstable-db-295493/, that warning seems to be related to configuration.

Best regards,

Nico.

(In reply to Nicolas Salguero from comment #8)
> Hi,
>
> I am not an expert but, according to
> https://www.linuxquestions.org/questions/linux-networking-3/syserr-root-hash-
> map-generics-missing-map-file-etc-mail-genericstable-db-295493/, that
> warning seems to be related to configuration.
>
> Best regards,
>
> Nico.

Then give OK. Thank you.
CC: (none) => andrewsfarm

Validating.
CC: (none) => sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2024-0270.html
Status: ASSIGNED => RESOLVED