CVE-2014-3956
Summary
| CVE | CVE-2014-3956 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-06-04 11:19:00 UTC |
| Updated | 2017-12-29 02:29:00 UTC |
| Description | The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Fedoraproject | Fedora | 20 | All | All | All |
| Operating System | Freebsd | Freebsd | All | - | All | All |
| Application | Hp | Hpux | All | All | All | All |
| Application | Sendmail | Sendmail | 8.10 | All | All | All |
| Application | Sendmail | Sendmail | 8.10.0 | All | All | All |
| Application | Sendmail | Sendmail | 8.10.1 | All | All | All |
| Application | Sendmail | Sendmail | 8.10.2 | All | All | All |
| Application | Sendmail | Sendmail | 8.11.0 | All | All | All |
| Application | Sendmail | Sendmail | 8.11.1 | All | All | All |
| Application | Sendmail | Sendmail | 8.11.2 | All | All | All |
| Application | Sendmail | Sendmail | 8.11.3 | All | All | All |
| Application | Sendmail | Sendmail | 8.11.4 | All | All | All |
| Application | Sendmail | Sendmail | 8.11.5 | All | All | All |
| Application | Sendmail | Sendmail | 8.11.6 | All | All | All |
| Application | Sendmail | Sendmail | 8.11.7 | All | All | All |
| Application | Sendmail | Sendmail | 8.12.0 | All | All | All |
| Application | Sendmail | Sendmail | 8.12.1 | All | All | All |
| Application | Sendmail | Sendmail | 8.12.10 | All | All | All |
| Application | Sendmail | Sendmail | 8.12.11 | All | All | All |
| Application | Sendmail | Sendmail | 8.12.2 | All | All | All |
| Application | Sendmail | Sendmail | 8.12.3 | All | All | All |
| Application | Sendmail | Sendmail | 8.12.4 | All | All | All |
| Application | Sendmail | Sendmail | 8.12.5 | All | All | All |
| Application | Sendmail | Sendmail | 8.12.6 | All | All | All |
| Application | Sendmail | Sendmail | 8.12.7 | All | All | All |
| Application | Sendmail | Sendmail | 8.12.8 | All | All | All |
| Application | Sendmail | Sendmail | 8.12.9 | All | All | All |
| Application | Sendmail | Sendmail | 8.13.0 | All | All | All |
| Application | Sendmail | Sendmail | 8.13.1 | All | All | All |
| Application | Sendmail | Sendmail | 8.13.2 | All | All | All |
| Application | Sendmail | Sendmail | 8.13.3 | All | All | All |
| Application | Sendmail | Sendmail | 8.13.4 | All | All | All |
| Application | Sendmail | Sendmail | 8.13.5 | All | All | All |
| Application | Sendmail | Sendmail | 8.13.6 | All | All | All |
| Application | Sendmail | Sendmail | 8.13.7 | All | All | All |
| Application | Sendmail | Sendmail | 8.13.8 | All | All | All |
| Application | Sendmail | Sendmail | 8.14.0 | All | All | All |
| Application | Sendmail | Sendmail | 8.14.1 | All | All | All |
| Application | Sendmail | Sendmail | 8.14.2 | All | All | All |
| Application | Sendmail | Sendmail | 8.14.3 | All | All | All |
| Application | Sendmail | Sendmail | 8.14.4 | All | All | All |
| Application | Sendmail | Sendmail | 8.14.5 | All | All | All |
| Application | Sendmail | Sendmail | 8.14.6 | All | All | All |
| Application | Sendmail | Sendmail | 8.14.7 | All | All | All |
| Application | Sendmail | Sendmail | 8.6.7 | All | All | All |
| Application | Sendmail | Sendmail | 8.7.10 | All | All | All |
| Application | Sendmail | Sendmail | 8.7.6 | All | All | All |
| Application | Sendmail | Sendmail | 8.7.7 | All | All | All |
| Application | Sendmail | Sendmail | 8.7.8 | All | All | All |
| Application | Sendmail | Sendmail | 8.7.9 | All | All | All |
| Application | Sendmail | Sendmail | 8.8.8 | All | All | All |
| Application | Sendmail | Sendmail | 8.9.0 | All | All | All |
| Application | Sendmail | Sendmail | 8.9.1 | All | All | All |
| Application | Sendmail | Sendmail | 8.9.2 | All | All | All |
| Application | Sendmail | Sendmail | 8.9.3 | All | All | All |
| Application | Sendmail | Sendmail | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Slackware Security Advisory - sendmail Updates ≈ Packet Storm | MISC | packetstormsecurity.com | Third Party Advisory, VDB Entry |
| Sendmail File Descriptor Security Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| [SECURITY] Fedora 20 Update: sendmail-8.14.8-2.fc20 | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| openSUSE-SU-2014:0804-1: moderate: sendmail: Close file descriptors befo | SUSE | lists.opensuse.org | |
| Security Advisory SA58628 - FreeBSD update for sendmail - Secunia | SECUNIA | secunia.com | |
| Sendmail 'close-on-exec' File Descriptor Error Lets Local Users Interfere With SMTP Connections in Certain Cases - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Document Display \| HPE Support Center | CONFIRM | h20566.www2.hpe.com | Third Party Advisory |
| The Slackware Linux Project: Slackware Security Advisories | SLACKWARE | www.slackware.com | |
| Mageia Advisory: MGASA-2014-0270 - Updated sendmail packages fix CVE-2014-3956 | CONFIRM | advisories.mageia.org | Third Party Advisory |
| Security Advisory SA57455 - Sendmail Close-on-Exec File Descriptors Access Bypass Security Issue - Secunia | SECUNIA | secunia.com | |
| Open Source Release 8.14.9 - Sendmail.com | CONFIRM | www.sendmail.com | Patch, Vendor Advisory |
| Support / Security / Advisories / / MDVSA-2015:128 \| Mandriva | MANDRIVA | www.mandriva.com | |
| FreeBSD-SA-14:11 | FREEBSD | www.freebsd.org | |
| Gentoo Linux Documentation -- sendmail: Information disclosure | GENTOO | security.gentoo.org | |
| openSUSE-SU-2014:0805-1: moderate: sendmail: Close file descriptors befo | SUSE | lists.opensuse.org | |
| ftp.sendmail.org/pub/sendmail/RELEASE_NOTES | CONFIRM | ftp.sendmail.org | Vendor Advisory |
| www.mandriva.com | MANDRIVA | www.mandriva.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.