1.9

CVE-2014-3956

EPSS 0.1%
Veröffentlicht 04.06.2014 11:19:13
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 20

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Freebsd ≫ Freebsd Update- Version <= 9.2

Hp ≫ Hpux Version <= b.11.31

Fedoraproject ≫ Fedora Version20

Sendmail ≫ Sendmail Version <= 8.14.8

Sendmail ≫ Sendmail Version8.6.7

Sendmail ≫ Sendmail Version8.7.6

Sendmail ≫ Sendmail Version8.7.7

Sendmail ≫ Sendmail Version8.7.8

Sendmail ≫ Sendmail Version8.7.9

Sendmail ≫ Sendmail Version8.7.10

Sendmail ≫ Sendmail Version8.8.8

Sendmail ≫ Sendmail Version8.9.0

Sendmail ≫ Sendmail Version8.9.1

Sendmail ≫ Sendmail Version8.9.2

Sendmail ≫ Sendmail Version8.9.3

Sendmail ≫ Sendmail Version8.10

Sendmail ≫ Sendmail Version8.10.0

Sendmail ≫ Sendmail Version8.10.1

Sendmail ≫ Sendmail Version8.10.2

Sendmail ≫ Sendmail Version8.11.0

Sendmail ≫ Sendmail Version8.11.1

Sendmail ≫ Sendmail Version8.11.2

Sendmail ≫ Sendmail Version8.11.3

Sendmail ≫ Sendmail Version8.11.4

Sendmail ≫ Sendmail Version8.11.5

Sendmail ≫ Sendmail Version8.11.6

Sendmail ≫ Sendmail Version8.11.7

Sendmail ≫ Sendmail Version8.12.0

Sendmail ≫ Sendmail Version8.12.1

Sendmail ≫ Sendmail Version8.12.2

Sendmail ≫ Sendmail Version8.12.3

Sendmail ≫ Sendmail Version8.12.4

Sendmail ≫ Sendmail Version8.12.5

Sendmail ≫ Sendmail Version8.12.6

Sendmail ≫ Sendmail Version8.12.7

Sendmail ≫ Sendmail Version8.12.8

Sendmail ≫ Sendmail Version8.12.9

Sendmail ≫ Sendmail Version8.12.10

Sendmail ≫ Sendmail Version8.12.11

Sendmail ≫ Sendmail Version8.13.0

Sendmail ≫ Sendmail Version8.13.1

Sendmail ≫ Sendmail Version8.13.2

Sendmail ≫ Sendmail Version8.13.3

Sendmail ≫ Sendmail Version8.13.4

Sendmail ≫ Sendmail Version8.13.5

Sendmail ≫ Sendmail Version8.13.6

Sendmail ≫ Sendmail Version8.13.7

Sendmail ≫ Sendmail Version8.13.8

Sendmail ≫ Sendmail Version8.14.0

Sendmail ≫ Sendmail Version8.14.1

Sendmail ≫ Sendmail Version8.14.2

Sendmail ≫ Sendmail Version8.14.3

Sendmail ≫ Sendmail Version8.14.4

Sendmail ≫ Sendmail Version8.14.5

Sendmail ≫ Sendmail Version8.14.6

Sendmail ≫ Sendmail Version8.14.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.285

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	1.9	3.4	2.9	AV:L/AC:M/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

ftp://ftp.sendmail.org/pub/sendmail/RELEASE_NOTES

Vendor Advisory

http://advisories.mageia.org/MGASA-2014-0270.html

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134349.html

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2014-06/msg00032.html

http://lists.opensuse.org/opensuse-updates/2014-06/msg00033.html

http://packetstormsecurity.com/files/126975/Slackware-Security-Advisory-sendmail-Updates.html

Third Party Advisory

VDB Entry

http://secunia.com/advisories/57455

http://secunia.com/advisories/58628

http://security.gentoo.org/glsa/glsa-201412-32.xml

http://www.freebsd.org/security/advisories/FreeBSD-SA-14%3A11.sendmail.asc

http://www.mandriva.com/security/advisories?name=MDVSA-2014:147

http://www.mandriva.com/security/advisories?name=MDVSA-2015:128

http://www.securityfocus.com/bid/67791

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1030331

Third Party Advisory

VDB Entry

http://www.sendmail.com/sm/open_source/download/8.14.9/

Patch

Vendor Advisory

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.728644

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05216368

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2014-3956

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-3956

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-3956

EUVD