1.9

CVE-2014-3956

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FreebsdFreebsd Update- Version <= 9.2
HpHpux Version <= b.11.31
FedoraprojectFedora Version20
SendmailSendmail Version <= 8.14.8
SendmailSendmail Version8.6.7
SendmailSendmail Version8.7.6
SendmailSendmail Version8.7.7
SendmailSendmail Version8.7.8
SendmailSendmail Version8.7.9
SendmailSendmail Version8.7.10
SendmailSendmail Version8.8.8
SendmailSendmail Version8.9.0
SendmailSendmail Version8.9.1
SendmailSendmail Version8.9.2
SendmailSendmail Version8.9.3
SendmailSendmail Version8.10
SendmailSendmail Version8.10.0
SendmailSendmail Version8.10.1
SendmailSendmail Version8.10.2
SendmailSendmail Version8.11.0
SendmailSendmail Version8.11.1
SendmailSendmail Version8.11.2
SendmailSendmail Version8.11.3
SendmailSendmail Version8.11.4
SendmailSendmail Version8.11.5
SendmailSendmail Version8.11.6
SendmailSendmail Version8.11.7
SendmailSendmail Version8.12.0
SendmailSendmail Version8.12.1
SendmailSendmail Version8.12.2
SendmailSendmail Version8.12.3
SendmailSendmail Version8.12.4
SendmailSendmail Version8.12.5
SendmailSendmail Version8.12.6
SendmailSendmail Version8.12.7
SendmailSendmail Version8.12.8
SendmailSendmail Version8.12.9
SendmailSendmail Version8.12.10
SendmailSendmail Version8.12.11
SendmailSendmail Version8.13.0
SendmailSendmail Version8.13.1
SendmailSendmail Version8.13.2
SendmailSendmail Version8.13.3
SendmailSendmail Version8.13.4
SendmailSendmail Version8.13.5
SendmailSendmail Version8.13.6
SendmailSendmail Version8.13.7
SendmailSendmail Version8.13.8
SendmailSendmail Version8.14.0
SendmailSendmail Version8.14.1
SendmailSendmail Version8.14.2
SendmailSendmail Version8.14.3
SendmailSendmail Version8.14.4
SendmailSendmail Version8.14.5
SendmailSendmail Version8.14.6
SendmailSendmail Version8.14.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.63% 0.454
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 1.9 3.4 2.9
AV:L/AC:M/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

ftp://ftp.sendmail.org/pub/sendmail/RELEASE_NOTES
Vendor Advisory
http://advisories.mageia.org/MGASA-2014-0270.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134349.html
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-06/msg00032.html
http://lists.opensuse.org/opensuse-updates/2014-06/msg00033.html
http://packetstormsecurity.com/files/126975/Slackware-Security-Advisory-sendmail-Updates.html
Third Party Advisory
VDB Entry
http://secunia.com/advisories/57455
http://secunia.com/advisories/58628
http://security.gentoo.org/glsa/glsa-201412-32.xml
http://www.freebsd.org/security/advisories/FreeBSD-SA-14%3A11.sendmail.asc
http://www.mandriva.com/security/advisories?name=MDVSA-2014:147
http://www.mandriva.com/security/advisories?name=MDVSA-2015:128
http://www.securityfocus.com/bid/67791
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1030331
Third Party Advisory
VDB Entry
http://www.sendmail.com/sm/open_source/download/8.14.9/
Patch
Vendor Advisory
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.728644
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05216368
Third Party Advisory