Bug 186605

Summary: sendmail security update reverts to SASL from SASLv2
Product: Red Hat Enterprise Linux 3 Reporter: Don Close <don>
Component: sendmailAssignee: Thomas Woerner <twoerner>
Status: CLOSED NOTABUG QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.0Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-03-27 08:45:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Don Close 2006-03-24 17:15:08 UTC 
Description of problem:
Original package:

sendmail -d0.1 -bv xxx
Version 8.12.10
 Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX MATCHGECOS
MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS
PIPELINING SASLv2 SCANF STARTTLS TCPWRAPPERS USERDB USE_LDAP_INIT

Note: uses SASLv2


Installed latest package of sendmail:  sendmail-8.12.11-4.RHEL3.4

/usr/sbin/sendmail.2006 -d0.1 -bv xxx
Version 8.12.11.20060308
 Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX MATCHGECOS
MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS
PIPELINING SASL SCANF STARTTLS TCPWRAPPERS USERDB USE_LDAP_INIT

Note: reverts to SASL

Result: Users are no longer able to authenticate for smtp





How reproducible:


Steps to Reproduce:
1.Apply security update
2.
3.
  
Actual results:
Users can't authenticate for smtp

Expected results:
Users can authenticate for smtp

Additional info: SASLv2 and PAM configuration files were overwritten making
reverting to previous binary difficult.
Comment 1 Thomas Woerner 2006-03-27 08:45:36 UTC 
Please have a look at #124086 and #125383.

Since sendmail-8.12.11-3.3 the RHEL-3 package is supporting SASLv1, only.

Closing as "NOT A BUG".