Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-3956

Опубликовано: 21 мая 2014
Источник: redhat
CVSS2: 1
EPSS Низкий

Описание

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.

Отчет

This issue affects the versions of sendmail as shipped with Red Hat Enterprise Linux 4, 5, 6, and 7. Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 4sendmailAffected
Red Hat Enterprise Linux 5sendmailAffected
Red Hat Enterprise Linux 6sendmailAffected
Red Hat Enterprise Linux 7sendmailAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=1102174sendmail: Properly set the close-on-exec flag for file descriptors

EPSS

Процентиль: 28%
0.001
Низкий

1 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-3956

ubuntu
больше 11 лет назад

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.

nvd логотип

CVE-2014-3956

nvd
больше 11 лет назад

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.

debian логотип

CVE-2014-3956

debian
больше 11 лет назад

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has ...

github логотип

GHSA-frwj-4rf4-3wjf

github
больше 3 лет назад

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.

fstec логотип

BDU:2015-00683

fstec
больше 11 лет назад

Уязвимость программного обеспечения SendMail SMTP Server, позволяющая злоумышленнику нарушить конфиденциальность защищаемой информации

EPSS

Процентиль: 28%
0.001
Низкий

1 Low

CVSS2