CVE-2014-3956
Summary
| CVE | CVE-2014-3956 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-06-04 11:19:13 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
LocalAccess Complexity
MediumAuthentication
NoneConfidentiality
PartialIntegrity
NoneAvailability
NoneAV:L/AC:M/Au:N/C:P/I:N/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Fedoraproject | Fedora | 20 | All | All | All |
| Operating System | Freebsd | Freebsd | All | - | All | All |
| Application | Hp | Hpux | All | All | All | All |
| Application | Sendmail | Sendmail | 8.10 | All | All | All |
| Application | Sendmail | Sendmail | 8.10.0 | All | All | All |
| Application | Sendmail | Sendmail | 8.10.1 | All | All | All |
| Application | Sendmail | Sendmail | 8.10.2 | All | All | All |
| Application | Sendmail | Sendmail | 8.11.0 | All | All | All |
| Application | Sendmail | Sendmail | 8.11.1 | All | All | All |
| Application | Sendmail | Sendmail | 8.11.2 | All | All | All |
| Application | Sendmail | Sendmail | 8.11.3 | All | All | All |
| Application | Sendmail | Sendmail | 8.11.4 | All | All | All |
| Application | Sendmail | Sendmail | 8.11.5 | All | All | All |
| Application | Sendmail | Sendmail | 8.11.6 | All | All | All |
| Application | Sendmail | Sendmail | 8.11.7 | All | All | All |
| Application | Sendmail | Sendmail | 8.12.0 | All | All | All |
| Application | Sendmail | Sendmail | 8.12.1 | All | All | All |
| Application | Sendmail | Sendmail | 8.12.10 | All | All | All |
| Application | Sendmail | Sendmail | 8.12.11 | All | All | All |
| Application | Sendmail | Sendmail | 8.12.2 | All | All | All |
| Application | Sendmail | Sendmail | 8.12.3 | All | All | All |
| Application | Sendmail | Sendmail | 8.12.4 | All | All | All |
| Application | Sendmail | Sendmail | 8.12.5 | All | All | All |
| Application | Sendmail | Sendmail | 8.12.6 | All | All | All |
| Application | Sendmail | Sendmail | 8.12.7 | All | All | All |
| Application | Sendmail | Sendmail | 8.12.8 | All | All | All |
| Application | Sendmail | Sendmail | 8.12.9 | All | All | All |
| Application | Sendmail | Sendmail | 8.13.0 | All | All | All |
| Application | Sendmail | Sendmail | 8.13.1 | All | All | All |
| Application | Sendmail | Sendmail | 8.13.2 | All | All | All |
| Application | Sendmail | Sendmail | 8.13.3 | All | All | All |
| Application | Sendmail | Sendmail | 8.13.4 | All | All | All |
| Application | Sendmail | Sendmail | 8.13.5 | All | All | All |
| Application | Sendmail | Sendmail | 8.13.6 | All | All | All |
| Application | Sendmail | Sendmail | 8.13.7 | All | All | All |
| Application | Sendmail | Sendmail | 8.13.8 | All | All | All |
| Application | Sendmail | Sendmail | 8.14.0 | All | All | All |
| Application | Sendmail | Sendmail | 8.14.1 | All | All | All |
| Application | Sendmail | Sendmail | 8.14.2 | All | All | All |
| Application | Sendmail | Sendmail | 8.14.3 | All | All | All |
| Application | Sendmail | Sendmail | 8.14.4 | All | All | All |
| Application | Sendmail | Sendmail | 8.14.5 | All | All | All |
| Application | Sendmail | Sendmail | 8.14.6 | All | All | All |
| Application | Sendmail | Sendmail | 8.14.7 | All | All | All |
| Application | Sendmail | Sendmail | 8.6.7 | All | All | All |
| Application | Sendmail | Sendmail | 8.7.10 | All | All | All |
| Application | Sendmail | Sendmail | 8.7.6 | All | All | All |
| Application | Sendmail | Sendmail | 8.7.7 | All | All | All |
| Application | Sendmail | Sendmail | 8.7.8 | All | All | All |
| Application | Sendmail | Sendmail | 8.7.9 | All | All | All |
| Application | Sendmail | Sendmail | 8.8.8 | All | All | All |
| Application | Sendmail | Sendmail | 8.9.0 | All | All | All |
| Application | Sendmail | Sendmail | 8.9.1 | All | All | All |
| Application | Sendmail | Sendmail | 8.9.2 | All | All | All |
| Application | Sendmail | Sendmail | 8.9.3 | All | All | All |
| Application | Sendmail | Sendmail | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Support / Security / Advisories / / MDVSA-2015:128 | Mandriva | af854a3a-2127-422b-91ae-364da2661108 | www.mandriva.com | |
| Document Display | HPE Support Center | af854a3a-2127-422b-91ae-364da2661108 | h20566.www2.hpe.com | Third Party Advisory |
| openSUSE-SU-2014:0804-1: moderate: sendmail: Close file descriptors befo | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| openSUSE-SU-2014:0805-1: moderate: sendmail: Close file descriptors befo | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| Open Source Release 8.14.9 - Sendmail.com | af854a3a-2127-422b-91ae-364da2661108 | www.sendmail.com | Patch, Vendor Advisory |
| ftp.sendmail.org/pub/sendmail/RELEASE_NOTES | af854a3a-2127-422b-91ae-364da2661108 | ftp.sendmail.org | Vendor Advisory |
| www.freebsd.org/security/advisories/FreeBSD-SA-14%3A11.sendmail.asc | af854a3a-2127-422b-91ae-364da2661108 | www.freebsd.org | |
| Slackware Security Advisory - sendmail Updates ≈ Packet Storm | af854a3a-2127-422b-91ae-364da2661108 | packetstormsecurity.com | Third Party Advisory, VDB Entry |
| Security Advisory SA58628 - FreeBSD update for sendmail - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| [SECURITY] Fedora 20 Update: sendmail-8.14.8-2.fc20 | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Third Party Advisory |
| www.mandriva.com | af854a3a-2127-422b-91ae-364da2661108 | www.mandriva.com | |
| Security Advisory SA57455 - Sendmail Close-on-Exec File Descriptors Access Bypass Security Issue - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Gentoo Linux Documentation -- sendmail: Information disclosure | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | |
| The Slackware Linux Project: Slackware Security Advisories | af854a3a-2127-422b-91ae-364da2661108 | www.slackware.com | |
| Sendmail 'close-on-exec' File Descriptor Error Lets Local Users Interfere With SMTP Connections in Certain Cases - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Mageia Advisory: MGASA-2014-0270 - Updated sendmail packages fix CVE-2014-3956 | af854a3a-2127-422b-91ae-364da2661108 | advisories.mageia.org | Third Party Advisory |
| Sendmail File Descriptor Security Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.