Patch-ID# 115370-02 Keywords: security sendmail .forward header address parsing 8.11.7 prescan Synopsis: Trusted_Solaris_8_HW_12/02: sendmail patch Date: Oct/31/2003 Install Requirements: Additional instructions may be listed below Reboot after installation Solaris Release: Trusted_Solaris_8_HW_12/02 SunOS Release: Trusted_Solaris_8_HW_12/02 Unbundled Product: Unbundled Release: Xref: This patch available for x86 as patch 115371 Topic: Trusted_Solaris_8_HW_12/02: sendmail patch Relevant Architectures: sparc BugId's fixed with this patch: 4844545 4927826 Changes incorporated in this version: 4927826 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /etc/mail/main.cf /etc/mail/sendmail.cf /etc/mail/subsidiary.cf /usr/bin/praliases /usr/lib/mail.local /usr/lib/mail/README /usr/lib/mail/cf/main-v7sun.cf /usr/lib/mail/cf/subsidiary-v7sun.cf /usr/lib/mail/feature/ldap_routing.m4 /usr/lib/mail/m4/proto.m4 /usr/lib/mail/m4/version.m4 /usr/lib/sendmail /usr/lib/smrsh /usr/sbin/makemap Problem Description: 4927826 Sendmail buffer underflow (from 115370-01) 4844545 Upgrade Trusted Solaris 8 sendmail to version 8.11.7 Patch Installation Instructions: -------------------------------- Refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Trusted Solaris. Any other special or non-generic installation instructions should be described below as special instructions. For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- NOTE 1: Reboot after installing the patch for changes to take effect. NOTE 2: If the user has not modified the /etc/mail/sendmail.cf file, the patch installation will overwrite this file with the new version. If the user no longer wishes to use the default configuration, the user should refer to the /usr/lib/mail/README file on how to customize /etc/mail/sendmail.cf. Second and subsequent patch installations may copy /etc/mail/sendmail.cf to a backup file, or even be lost, depending on which temporary patch related files remain in the /etc/mail directory. It is strongly suggested the /etc/mail directory be examined and cleaned up after the patch installation. On the FIRST PATCH INSTALLATION ONLY, the site modified original *.cf files will be saved to their original filenames, the new files will be copied to subsidiary.cf.new and main.cf.new. The updated sendmail.cf will not appear, instead the old sendmail.cf will appear in three forms: sendmail.cf sendmail.cf.old sendmail.cf.pre115370-01 With subsequent patch installations, the results of the attempted file backups vary even if the new files have been removed. It is highly recommended the user backs up any copies of these three files which the user doesn't want to lose. The user should also read the documentation in /usr/lib/mail/README. The steps below assume the patch has been put into an ADMIN_LOW directory in /var/tmp and the patch file label is configured to ADMIN_LOW. Create a role which contains the Software Installation profile (typically admin role is assigned this profile) and whose label range includes the ADMIN_LOW label. All the steps in the patch installation should be executed at ADMIN_LOW. The patch should be owned by this role. 1) Login as a user authorized to assume a role that contains the Software Installation profile; typically the admin role. Assume that role. To verify patchadd is in the profile assigned to the role, type: "profiles -l | grep patchadd". The result should be: /usr/sbin/patchadd uid=0, privs=all, label=admin_low 2) cd into /var/tmp and install the patch file. # cd /var/tmp # patchadd /var/tmp/ where is the patch number. Special Backout Instructions: ----------------------------- NOTE 1: Reboot after removing the patch for changes to take effect. 1) Login as a user authorized to assume a role that contains the Software Installation profile; typically the admin role. Assume that role. To verify patchrm is in the profile assigned to the role, type: "profiles -l | grep patchrm". The result should be: /usr/sbin/patchrm uid=0, privs=all, label=admin_low 2) Backout patch by typing: # patchrm where is the patch number. README -- Last modified date: Friday, October 31, 2003