RE: [DSA 563-2] New cyrus-sasl packages really fix arbitrary code execution
Have a look at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=276268
Perhaps it would help you for the moment to recompile the package as I did.
Christian
-----Original Message-----
From: Frank Strau? [mailto:strauss@ibr.cs.tu-bs.de]
Sent: Wednesday, October 13, 2004 9:43 AM
To: debian-security@lists.debian.org
Subject: Re: [DSA 563-2] New cyrus-sasl packages really fix arbitrary
code execution
I'm sorry to say that, but version 1.5.27-3woody3 seems to still have at
least
one common bug with the previous "woody2" version: We use it for our
sendmail
server. Along with "woody2" *and* "woody3", sendmail is not able to detect
the
available SASL-based AUTH mechanisms. So I had to downgrade again to
libsasl7_1.5.27-3_i386.deb.
When I run sendmail with some verbose debugging output, this (the second
line)
seems to be interesting:
Oct 13 09:23:41 agitator sendmail[18145]: gethostbyaddr(192.168.0.2) failed:
1
Oct 13 09:23:41 agitator sendmail[18145]: error:
safesasl(\004/Sendmail.conf)
failed: No such file or directory
Oct 13 09:23:41 agitator sendmail[18145]: NOQUEUE: connect from
root@localhost
Oct 13 09:23:41 agitator sendmail[18145]: STARTTLS=server, Diffie-Hellman
init,
key=512 bit (1)
Oct 13 09:23:41 agitator sendmail[18145]: STARTTLS=server, init=1
Oct 13 09:23:41 agitator sendmail[18145]: AUTH warning: no mechanisms
Oct 13 09:23:41 agitator sendmail[18145]: i9D7Nf56018145: Milter
(mimedefang):
init success to negotiate
Oct 13 09:23:41 agitator sendmail[18145]: i9D7Nf56018145: Milter: connect to
filters
Oct 13 09:23:41 agitator sendmail[18145]: i9D7Nf56018145: milter=mimedefang,
action=connect, continue
--
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
Reply to: