[Updated] [FLSA-2006:186277] Updated sendmail packages fix security issue

Adam Gibson agibson at ptm.com
Wed Apr 5 17:08:46 UTC 2006 

Adam Gibson wrote:
> One thing I noticed after the latest yum update of sendmail from the 
> previous update is that alternatives is broken for /etc/pam.d/smtp for 
> the sendmail package.  Sendmail used to create /etc/pam.d/smtp.sendmail 
> which alternatives would create a symlink at /etc/pam.d/smtp to 
> eventually point to the current configured smtp pam config 
> (/etc/pam.d/smtp.sendmail for sendmail).
> 
> a yum update showed this:
> warning: /etc/pam.d/smtp created as /etc/pam.d/smtp.rpmnew
> 
> # ls -al /etc/pam.d/smtp*
> lrwxrwxrwx    1 root     root           25 Mar 28 12:48 /etc/pam.d/smtp 
> -> /etc/alternatives/mta-pam
> -rw-r--r--    1 root     root          116 Mar 26 22:37 smtp.rpmnew
> 
> # ls -al /etc/alternatives/mta-pam
> lrwxrwxrwx    1 root     root           24 Mar 28 12:48 
> /etc/alternatives/mta-pam -> /etc/pam.d/smtp.sendmail
> 
> smtp.sendmail no longer exists. It appears to just be directly smtp now 
> which was stored as smtp.rpmnew because the symlink created by 
> alternatives was at /etc/pam.d/smtp.  Issuing an alternatives --config 
> mta will just setup /etc/pam.d/smtp to eventually point to 
> /etc/pam.d/smtp.sendmail again which does not exist.

This is incorrect.  I moved smtp.rpmnew to smtp and alternatives does 
not do anything with the /etc/pam.d/smtp.  I mistakenly thought it did 
the first time but it was just leftover from the previous sendmail 
package.  Moving /etc/pam.d/smtp.rpmnew to /etc/pam.d/smtp fixes the 
problem.

So basically it boils down to alternatives with the newer sendmail 
updates do not do anything with /etc/pam.d/smtp anymore(It is part of 
the packages itself and not a symlink).  The problem I had is that the 
old symlink was in the way when sendmail was updated.

I wonder if other MTAs expect /etc/pam.d/smtp to still be a symlink.  If 
you do an alternatives for postfix or some other mta will it overwrite 
/etc/pam.d/smtp?  If so that could be a problem if you switch back.

> 
> Moving /etc/pam.d/smtp.rpmnew to /etc/pam.d/smtp.sendmail fixes the 
> problem for me.
> 
> I do not know what the ramifications are of having a broken symlink to 
> /etc/pam.d/smtp but it must be used for something.
> 
> Marc Deslauriers wrote:
>> ---------------------------------------------------------------------
>>                Fedora Legacy Update Advisory
>>
>> Synopsis:          Updated sendmail packages fix security issue
>> Advisory ID:       FLSA:186277
>> Issue date:        2006-04-04
>> Product:           Red Hat Linux, Fedora Core
>> Keywords:          Bugfix, Security
>> CVE Names:         CVE-2006-0058
>> ---------------------------------------------------------------------
>>
>> ---------------------------------------------------------------------
>> 1. Topic:
>>
>> Updated sendmail packages that fix a security issue are now
>> available.
>>
>> The sendmail package provides a widely used Mail Transport Agent (MTA).
>>
>> [Updated 4th April 2006]
>> Red Hat Linux 7.3, Red Hat Linux 9, and Fedora Core 1 packages have been
>> updated to correct numerous problems with the previously released
>> updates.
>>
>> 2. Relevant releases/architectures:
>>
>> Red Hat Linux 7.3 - i386
>> Red Hat Linux 9 - i386
>> Fedora Core 1 - i386
>> Fedora Core 2 - i386
>> Fedora Core 3 - i386, x86_64
>>
> 
> -- 
> fedora-legacy-list mailing list
> fedora-legacy-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-legacy-list

More information about the fedora-legacy-list mailing list