CVE-2014-3956

CWE-200 — Information Exposure9 documents7 sources

Severity

1.9LOW

EPSS

0.1%

top 72.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freebsd Freebsd HP Hpux Sendmail Sendmail +1 more

Timeline

PublishedJun 4

Latest updateMay 17

Description

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.

CVSS vector

AV:L/AC:M/C:P/I:N/A:NExploitability: 3.4 | Impact: 2.9

Affected Packages4 packages

▶Debiansendmail< 8.14.4-6+3

▶NVDsendmail/sendmail8.14.8+52

▶NVDhp/hpuxb.11.31

▶NVDfreebsd/freebsd9.2

Also affects: Fedora 20

Patches

Patch: www.sendmail.com ↗Patch: www.sendmail.com ↗

🔴Vulnerability Details

GHSA

GHSA-frwj-4rf4-3wjf: The sm_close_on_exec function in conf↗2022-05-17

▶

OSV

CVE-2014-3956: The sm_close_on_exec function in conf↗2014-06-04

▶

CVEList

CVE-2014-3956: The sm_close_on_exec function in conf↗2014-06-04

▶

📋Vendor Advisories

Red Hat

sendmail: Properly set the close-on-exec flag for file descriptors↗2014-05-21

▶

Debian

CVE-2014-3956: sendmail - The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments ...↗2014

▶

💬Community

Bugzilla

CVE-2016-3956 npm: bearer token leak to non-registry hosts↗2016-04-19

▶

Bugzilla

CVE-2014-3956 sendmail: Properly set the close-on-exec flag for file descriptors [fedora-all]↗2014-06-04

▶

Bugzilla

CVE-2014-3956 sendmail: Properly set the close-on-exec flag for file descriptors↗2014-05-28

▶