CVE-2014-3956: Infoleak
First published: Wed Jun 04 2014(Updated: )
The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FreeBSD FreeBSD | <=9.2 | |
| Hp Hpux | <=b.11.31 | |
| Fedoraproject Fedora | =20 | |
| Sendmail Sendmail | <=8.14.8 | |
| Sendmail Sendmail | =8.6.7 | |
| Sendmail Sendmail | =8.7.6 | |
| Sendmail Sendmail | =8.7.7 | |
| Sendmail Sendmail | =8.7.8 | |
| Sendmail Sendmail | =8.7.9 | |
| Sendmail Sendmail | =8.7.10 | |
| Sendmail Sendmail | =8.8.8 | |
| Sendmail Sendmail | =8.9.0 | |
| Sendmail Sendmail | =8.9.1 | |
| Sendmail Sendmail | =8.9.2 | |
| Sendmail Sendmail | =8.9.3 | |
| Sendmail Sendmail | =8.10 | |
| Sendmail Sendmail | =8.10.0 | |
| Sendmail Sendmail | =8.10.1 | |
| Sendmail Sendmail | =8.10.2 | |
| Sendmail Sendmail | =8.11.0 | |
| Sendmail Sendmail | =8.11.1 | |
| Sendmail Sendmail | =8.11.2 | |
| Sendmail Sendmail | =8.11.3 | |
| Sendmail Sendmail | =8.11.4 | |
| Sendmail Sendmail | =8.11.5 | |
| Sendmail Sendmail | =8.11.6 | |
| Sendmail Sendmail | =8.11.7 | |
| Sendmail Sendmail | =8.12.0 | |
| Sendmail Sendmail | =8.12.1 | |
| Sendmail Sendmail | =8.12.2 | |
| Sendmail Sendmail | =8.12.3 | |
| Sendmail Sendmail | =8.12.4 | |
| Sendmail Sendmail | =8.12.5 | |
| Sendmail Sendmail | =8.12.6 | |
| Sendmail Sendmail | =8.12.7 | |
| Sendmail Sendmail | =8.12.8 | |
| Sendmail Sendmail | =8.12.9 | |
| Sendmail Sendmail | =8.12.10 | |
| Sendmail Sendmail | =8.12.11 | |
| Sendmail Sendmail | =8.13.0 | |
| Sendmail Sendmail | =8.13.1 | |
| Sendmail Sendmail | =8.13.2 | |
| Sendmail Sendmail | =8.13.3 | |
| Sendmail Sendmail | =8.13.4 | |
| Sendmail Sendmail | =8.13.5 | |
| Sendmail Sendmail | =8.13.6 | |
| Sendmail Sendmail | =8.13.7 | |
| Sendmail Sendmail | =8.13.8 | |
| Sendmail Sendmail | =8.14.0 | |
| Sendmail Sendmail | =8.14.1 | |
| Sendmail Sendmail | =8.14.2 | |
| Sendmail Sendmail | =8.14.3 | |
| Sendmail Sendmail | =8.14.4 | |
| Sendmail Sendmail | =8.14.5 | |
| Sendmail Sendmail | =8.14.6 | |
| Sendmail Sendmail | =8.14.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://advisories.mageia.org/MGASA-2014-0270.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134349.html
- http://lists.opensuse.org/opensuse-updates/2014-06/msg00032.html
- http://lists.opensuse.org/opensuse-updates/2014-06/msg00033.html
- http://packetstormsecurity.com/files/126975/Slackware-Security-Advisory-sendmail-Updates.html
- http://secunia.com/advisories/57455
- http://secunia.com/advisories/58628
- http://security.gentoo.org/glsa/glsa-201412-32.xml
- http://www.freebsd.org/security/advisories/FreeBSD-SA-14%3A11.sendmail.asc
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:147
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:128
- http://www.securityfocus.com/bid/67791
- http://www.securitytracker.com/id/1030331
- http://www.sendmail.com/sm/open_source/download/8.14.9/
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.728644
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05216368
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/freebsd
- canonical/freebsd freebsd
- version/freebsd freebsd/9.2
- vendor/hp
- canonical/hp hpux
- version/hp hpux/b.11.31
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/20
- vendor/sendmail
- canonical/sendmail sendmail
- version/sendmail sendmail/8.14.8
- version/sendmail sendmail/8.6.7
- version/sendmail sendmail/8.7.6
- version/sendmail sendmail/8.7.7
- version/sendmail sendmail/8.7.8
- version/sendmail sendmail/8.7.9
- version/sendmail sendmail/8.7.10
- version/sendmail sendmail/8.8.8
- version/sendmail sendmail/8.9.0
- version/sendmail sendmail/8.9.1
- version/sendmail sendmail/8.9.2
- version/sendmail sendmail/8.9.3
- version/sendmail sendmail/8.10
- version/sendmail sendmail/8.10.0
- version/sendmail sendmail/8.10.1
- version/sendmail sendmail/8.10.2
- version/sendmail sendmail/8.11.0
- version/sendmail sendmail/8.11.1
- version/sendmail sendmail/8.11.2
- version/sendmail sendmail/8.11.3
- version/sendmail sendmail/8.11.4
- version/sendmail sendmail/8.11.5
- version/sendmail sendmail/8.11.6
- version/sendmail sendmail/8.11.7
- version/sendmail sendmail/8.12.0
- version/sendmail sendmail/8.12.1
- version/sendmail sendmail/8.12.2
- version/sendmail sendmail/8.12.3
- version/sendmail sendmail/8.12.4
- version/sendmail sendmail/8.12.5
- version/sendmail sendmail/8.12.6
- version/sendmail sendmail/8.12.7
- version/sendmail sendmail/8.12.8
- version/sendmail sendmail/8.12.9
- version/sendmail sendmail/8.12.10
- version/sendmail sendmail/8.12.11
- version/sendmail sendmail/8.13.0
- version/sendmail sendmail/8.13.1
- version/sendmail sendmail/8.13.2
- version/sendmail sendmail/8.13.3
- version/sendmail sendmail/8.13.4
- version/sendmail sendmail/8.13.5
- version/sendmail sendmail/8.13.6
- version/sendmail sendmail/8.13.7
- version/sendmail sendmail/8.13.8
- version/sendmail sendmail/8.14.0
- version/sendmail sendmail/8.14.1
- version/sendmail sendmail/8.14.2
- version/sendmail sendmail/8.14.3
- version/sendmail sendmail/8.14.4
- version/sendmail sendmail/8.14.5
- version/sendmail sendmail/8.14.6
- version/sendmail sendmail/8.14.7