PT-2014-1706 · Sendmail+3 · Sendmail+3
Published
2014-05-28
·
Updated
2018-04-06
·
CVE-2014-3956
CVSS v2.0
1.9
Low
| Vector | AV:L/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
sendmail versions prior to 8.14.9
Description
The issue exists in the
sm close on exec function due to incorrect argument order and missing expected FD CLOEXEC flags. This allows local users to access high-numbered file descriptors using a custom mail-delivery program.Recommendations
For sendmail versions prior to 8.14.9, update to version 8.14.9 or later to resolve the issue.
As a temporary workaround, consider restricting access to the
sm close on exec function until a patch is available.Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Ibm Aix
Suse
Sendmail