ID CVE-2014-3956 Type cve Reporter cve@mitre.org Modified 2017-12-29T02:29:00
Description
The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.
{"aix": [{"lastseen": "2020-04-22T00:52:07", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3956"], "description": "IBM SECURITY ADVISORY\n\nFirst Issued: Fri Apr 6 11:18:40 CDT 2018 \n|Updated: Mon Sep 17 09:18:47 CDT 2018\n|Update: Clarified that AIX 7.2 TL0 SP6 and bos.net.tcp.sendmail fileset level\n| 7.2.0.3 are impacted. An iFix for AIX 7.2 TL0 SP6 is now available.\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/sendmail_advisory3.asc\nhttps://aix.software.ibm.com/aix/efixes/security/sendmail_advisory3.asc\nftp://aix.software.ibm.com/aix/efixes/security/sendmail_advisory3.asc\n\n\nSecurity Bulletin: Vulnerability in sendmail impacts AIX (CVE-2014-3956)\n \n===============================================================================\n\nSUMMARY:\n\n There is a vulnerability in sendmail that impacts AIX.\n\n\n===============================================================================\n\nVULNERABILITY DETAILS:\n\n CVEID: CVE-2014-3956\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3956\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3956\n DESCRIPTION: The sm_close_on_exec function in conf.c in sendmail before \n 8.14.9 has arguments in the wrong order, and consequently skips \n setting expected FD_CLOEXEC flags, which allows local users to access \n unintended high-numbered file descriptors via a custom mail-delivery \n program. \n CVSS Base Score: 2.1 \n CVSS Temporal Score: See \n https://exchange.xforce.ibmcloud.com/vulnerabilities/93592 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:N)\n\n\n AFFECTED PRODUCTS AND VERSIONS:\n \n AIX 5.3, 6.1, 7.1, 7.2\n VIOS 2.2\n \n The following fileset levels are vulnerable:\n \n key_fileset = aix\n\n Fileset Lower Level Upper Level KEY \n ------------------------------------------------------------\n bos.net.tcp.client 5.3.12.0 5.3.12.10 key_w_fs\n bos.net.tcp.server 5.3.12.0 5.3.12.6 key_w_fs\n bos.net.tcp.client 6.1.9.0 6.1.9.315 key_w_fs\n bos.net.tcp.client 7.1.4.0 7.1.4.32 key_w_fs\n bos.net.tcp.client 7.1.5.0 7.1.5.15 key_w_fs\n| bos.net.tcp.sendmail 7.2.0.0 7.2.0.3 key_w_fs\n bos.net.tcp.sendmail 7.2.1.0 7.2.1.1 key_w_fs\n bos.net.tcp.sendmail 7.2.2.0 7.2.2.15 key_w_fs\n \n \n Note: To find out whether the affected filesets are installed \n on your systems, refer to the lslpp command found in AIX user's guide.\n\n Example: lslpp -L | grep -i bos.net.tcp.client\n\n REMEDIATION:\n\n A. APARS\n \n IBM has assigned the following APARs to this problem:\n\n AIX Level APAR Availability SP KEY\n ------------------------------------------------\n 5.3.12 IJ03273 ** N/A key_w_apar\n 6.1.9 IJ02915 ** SP12 key_w_apar\n 7.1.4 IJ02917 ** SP7 key_w_apar\n 7.1.5 IJ03121 ** SP4 key_w_apar\n| 7.2.0 IJ02918 ** N/A key_w_apar\n 7.2.1 IJ02919 ** SP5 key_w_apar\n 7.2.2 IJ02920 ** SP3 key_w_apar\n\n VIOS Level APAR Availability SP\n -----------------------------------------\n 2.2.4 IJ02915 ** N/A\n 2.2.5 IJ02915 ** 2.2.5.50\n 2.2.6 IJ02915 ** 2.2.6.30\n \n ** Please refer to AIX support lifecycle information page for \n availability of Service Packs:\n http://www-01.ibm.com/support/docview.wss?uid=isg3T1012517\n\n Subscribe to the APARs here:\n\n http://www.ibm.com/support/docview.wss?uid=isg1IJ03273\n http://www.ibm.com/support/docview.wss?uid=isg1IJ02915 \n http://www.ibm.com/support/docview.wss?uid=isg1IJ02917\n http://www.ibm.com/support/docview.wss?uid=isg1IJ03121\n http://www.ibm.com/support/docview.wss?uid=isg1IJ02918\n http://www.ibm.com/support/docview.wss?uid=isg1IJ02919\n http://www.ibm.com/support/docview.wss?uid=isg1IJ02920\n\n https://www.ibm.com/support/docview.wss?uid=isg1IJ03273\n https://www.ibm.com/support/docview.wss?uid=isg1IJ02915\n https://www.ibm.com/support/docview.wss?uid=isg1IJ02917\n https://www.ibm.com/support/docview.wss?uid=isg1IJ03121\n https://www.ibm.com/support/docview.wss?uid=isg1IJ02918\n https://www.ibm.com/support/docview.wss?uid=isg1IJ02919\n https://www.ibm.com/support/docview.wss?uid=isg1IJ02920\n\n By subscribing, you will receive periodic email alerting you\n to the status of the APAR, and a link to download the fix once\n it becomes available.\n\n B. FIXES\n\n Fixes are available.\n\n The fixes can be downloaded via ftp or http from:\n\n ftp://aix.software.ibm.com/aix/efixes/security/sendmail_fix3.tar\n http://aix.software.ibm.com/aix/efixes/security/sendmail_fix3.tar\n https://aix.software.ibm.com/aix/efixes/security/sendmail_fix3.tar\n\n The links above are to a tar file containing this signed\n advisory, fix packages, and OpenSSL signatures for each package.\n The fixes below include prerequisite checking. This will\n enforce the correct mapping between the fixes and AIX\n Technology Levels.\n \n Please note that the below table refers to AIX TL/SP level as\n opposed to fileset level, i.e., 7.1.4.5 is AIX 7100-04-05.\n \n AIX Level Interim Fix (*.Z) KEY\n ----------------------------------------------\n 5.3.12.9 IJ03273s9a.180116.epkg.Z key_w_fix\n 6.1.9.9 IJ02915s9a.180110.epkg.Z key_w_fix\n 6.1.9.10 IJ02915s9a.180110.epkg.Z key_w_fix\n 6.1.9.11 IJ02915s9a.180110.epkg.Z key_w_fix\n 7.1.4.3 IJ02917s3a.180105.epkg.Z key_w_fix\n 7.1.4.4 IJ02917s3a.180105.epkg.Z key_w_fix\n 7.1.4.5 IJ02917s3a.180105.epkg.Z key_w_fix\n 7.1.5.0 IJ03121s0a.180110.epkg.Z key_w_fix\n 7.1.5.1 IJ03121s0a.180110.epkg.Z key_w_fix\n 7.1.5.2 IJ03121s0a.180110.epkg.Z key_w_fix\n 7.2.0.3 IJ02918s3a.180108.epkg.Z key_w_fix\n 7.2.0.4 IJ02918s3a.180108.epkg.Z key_w_fix\n 7.2.0.5 IJ02918s3a.180108.epkg.Z key_w_fix\n| 7.2.0.6 IJ02918sp6.180913.epkg.Z key_w_fix\n 7.2.1.1 IJ02919s1a.180108.epkg.Z key_w_fix\n 7.2.1.2 IJ02919s1a.180108.epkg.Z key_w_fix\n 7.2.1.3 IJ02919s1a.180108.epkg.Z key_w_fix\n 7.2.2.0 IJ02920s0a.180110.epkg.Z key_w_fix\n 7.2.2.1 IJ02920s0a.180110.epkg.Z key_w_fix\n 7.2.2.2 IJ02920s0a.180110.epkg.Z key_w_fix\n \n\n VIOS Level Interim Fix (*.Z) KEY\n -----------------------------------------------\n 2.2.4.40 IJ02915s9a.180110.epkg.Z key_w_fix\n 2.2.4.50 IJ02915s9a.180110.epkg.Z key_w_fix\n 2.2.5.20 IJ02915s9a.180110.epkg.Z key_w_fix\n 2.2.5.30 IJ02915s9a.180110.epkg.Z key_w_fix\n 2.2.6.10 IJ02915s9a.180110.epkg.Z key_w_fix\n 2.2.6.20 IJ02915s9a.180110.epkg.Z key_w_fix\n 2.2.6.21 IJ02915s9a.180110.epkg.Z key_w_fix \n\n \n To extract the fixes from the tar file:\n\n tar xvf sendmail_fix3.tar\n cd sendmail_fix3\n\n Verify you have retrieved the fixes intact:\n\n The checksums below were generated using the\n \"openssl dgst -sha256 [filename]\" command as the following:\n\n openssl dgst -sha256 filename KEY\n -----------------------------------------------------------------------------------------------------\n 2987f7b0b4c549c958f6919974adf104452f9179a4e004c5f862d2473e751dfc IJ02915s9a.180110.epkg.Z key_w_csum\n fbb7fc0fcbb30d6ccd2e1761c4682cf7e0252aeb64e60493e12d48f6c44510b0 IJ02917s3a.180105.epkg.Z key_w_csum\n a0e3e1fbf9f7015ef72ffe181c7995862fb9f52d901ae3d7b0e8a98ae0af7994 IJ02918s3a.180108.epkg.Z key_w_csum\n| 9bbc538083702bd8bc574560d09b07c8dc061e07a14329dc1e6759ccba516f9c IJ02918sp6.180913.epkg.Z key_w_csum\n bb2c7189784b734808aa637cf7ecfec5bd816cb42d9e5d812ac8e09abba6299d IJ02919s1a.180108.epkg.Z key_w_csum\n 4a907f461a36a1a63941b0cca8992b366d71197f7d47c63e425d5614ac072157 IJ02920s0a.180110.epkg.Z key_w_csum\n 4d95acdd312b233cedb5e106dfcdb8ac2266a11c402837545ea4963f929e7515 IJ03121s0a.180110.epkg.Z key_w_csum\n 6663891d15e91f5f316e4f73c2a7e0d23dca31df2508e98cd0cc06bb227da55b IJ03273s9a.180116.epkg.Z key_w_csum\n \n These sums should match exactly. The OpenSSL signatures in the tar\n file and on this advisory can also be used to verify the\n integrity of the fixes. If the sums or signatures cannot be\n confirmed, contact IBM Support at\n http://ibm.com/support/ and describe the discrepancy.\n \n openssl dgst -sha1 -verify [pubkey_file] -signature [advisory_file].sig [advisory_file]\n \n openssl dgst -sha1 -verify [pubkey_file] -signature [ifix_file].sig [ifix_file]\n\n Published advisory OpenSSL signature file location:\n \n http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory3.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/sendmail_advisory3.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/sendmail_advisory3.asc.sig \n\n C. FIX AND INTERIM FIX INSTALLATION\n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. Verify it is both bootable and\n readable before proceeding.\n\n To preview a fix installation:\n\n installp -a -d fix_name -p all # where fix_name is the name of the\n # fix package being previewed.\n To install a fix package:\n\n installp -a -d fix_name -X all # where fix_name is the name of the\n # fix package being installed.\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n https://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e epkg_name -p # where epkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e epkg_name -X # where epkg_name is the name of the\n # interim fix package being installed.\n\n\n WORKAROUNDS AND MITIGATIONS:\n\n None.\n\n\n===============================================================================\n\nCONTACT US:\n\n Note: Keywords labeled as KEY in this document are used for parsing\n purposes.\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n https://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n https://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Contact IBM Support for questions related to this announcement:\n\n http://ibm.com/support/\n https://ibm.com/support/\n\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt\n https://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\nREFERENCES:\n \n Complete CVSS v3 Guide: \n http://www.first.org/cvss/user-guide\n https://www.first.org/cvss/user-guide\n\n On-line Calculator v3:\n http://www.first.org/cvss/calculator/3.0\n https://www.first.org/cvss/calculator/3.0\n\n\nRELATED INFORMATION:\n\n Security Bulletin: Vulnerability in sendmail impacts AIX\n (CVE-2014-3956)\n http://www-01.ibm.com/support/docview.wss?uid=isg3T1027341 \n\n\nACKNOWLEDGEMENTS:\n\n None.\n\n\nCHANGE HISTORY:\n\n First Issued: Fri Apr 6 11:18:40 CDT 2018 \n| Updated: Mon Sep 17 09:18:47 CDT 2018\n| Update: Clarified that AIX 7.2 TL0 SP6 and bos.net.tcp.sendmail fileset \n| level 7.2.0.3 are impacted. An iFix for AIX 7.2 TL0 SP6 is now \n| available.\n\n\n===============================================================================\n\n*The CVSS Environment Score is customer environment specific and will \nultimately impact the Overall CVSS Score. Customers can evaluate the impact \nof this vulnerability in their environments by accessing the links in the \nReference section of this Security Bulletin. \n\nDisclaimer\nAccording to the Forum of Incident Response and Security Teams (FIRST), the \nCommon Vulnerability Scoring System (CVSS) is an \"industry open standard \ndesigned to convey vulnerability severity and help to determine urgency and \npriority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY \nOF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS \nFOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT \nOF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n\n\n", "edition": 10, "modified": "2018-09-17T09:18:47", "published": "2018-04-06T11:18:40", "id": "SENDMAIL_ADVISORY3.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/sendmail_advisory3.asc", "title": "Vulnerability in sendmail impacts AIX (CVE-2014-3956),Vulnerability in sendmail impacts VIOS (CVE-2014-3956)", "type": "aix", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:44", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3956"], "edition": 1, "description": "### Background\n\nsendmail is a widely-used Mail Transport Agent (MTA).\n\n### Description\n\nThe sm_close_on_exec function in conf.c has arguments in the wrong order. \n\n### Impact\n\nA local attacker could get access to unintended high-numbered file descriptors via a specially crafted program. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll sendmail users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-mta/sendmail-8.14.9\"", "modified": "2014-12-22T00:00:00", "published": "2014-12-22T00:00:00", "id": "GLSA-201412-32", "href": "https://security.gentoo.org/glsa/201412-32", "type": "gentoo", "title": "sendmail: Information disclosure", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "openvas": [{"lastseen": "2019-05-29T18:37:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3956"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-06-23T00:00:00", "id": "OPENVAS:1361412562310867920", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867920", "type": "openvas", "title": "Fedora Update for sendmail FEDORA-2014-7095", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for sendmail FEDORA-2014-7095\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867920\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-23 15:17:45 +0530 (Mon, 23 Jun 2014)\");\n script_cve_id(\"CVE-2014-3956\");\n script_tag(name:\"cvss_base\", value:\"1.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Update for sendmail FEDORA-2014-7095\");\n script_tag(name:\"affected\", value:\"sendmail on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-7095\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134571.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'sendmail'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"sendmail\", rpm:\"sendmail~8.14.7~2.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:37:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3956"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-06-17T00:00:00", "id": "OPENVAS:1361412562310867877", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867877", "type": "openvas", "title": "Fedora Update for sendmail FEDORA-2014-7093", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for sendmail FEDORA-2014-7093\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867877\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-17 09:55:38 +0530 (Tue, 17 Jun 2014)\");\n script_cve_id(\"CVE-2014-3956\");\n script_tag(name:\"cvss_base\", value:\"1.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Update for sendmail FEDORA-2014-7093\");\n script_tag(name:\"affected\", value:\"sendmail on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-7093\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134349.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'sendmail'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"sendmail\", rpm:\"sendmail~8.14.8~2.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3956"], "description": "Gentoo Linux Local Security Checks GLSA 201412-32", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121318", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121318", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201412-32", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201412-32.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121318\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:18 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201412-32\");\n script_tag(name:\"insight\", value:\"The sm_close_on_exec function in conf.c has arguments in the wrong order.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201412-32\");\n script_cve_id(\"CVE-2014-3956\");\n script_tag(name:\"cvss_base\", value:\"1.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201412-32\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"mail-mta/sendmail\", unaffected: make_list(\"ge 8.14.9\"), vulnerable: make_list(\"lt 8.14.9\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-27T18:33:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3956"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192549", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192549", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for sendmail (EulerOS-SA-2019-2549)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2549\");\n script_version(\"2020-01-23T13:05:10+0000\");\n script_cve_id(\"CVE-2014-3956\");\n script_tag(name:\"cvss_base\", value:\"1.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:05:10 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:05:10 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for sendmail (EulerOS-SA-2019-2549)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2549\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2549\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'sendmail' package(s) announced via the EulerOS-SA-2019-2549 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.(CVE-2014-3956)\");\n\n script_tag(name:\"affected\", value:\"'sendmail' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"sendmail\", rpm:\"sendmail~8.14.7~5.h1.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"sendmail-cf\", rpm:\"sendmail-cf~8.14.7~5.h1.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-27T18:38:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3956"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192661", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192661", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for sendmail (EulerOS-SA-2019-2661)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2661\");\n script_version(\"2020-01-23T13:13:07+0000\");\n script_cve_id(\"CVE-2014-3956\");\n script_tag(name:\"cvss_base\", value:\"1.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:13:07 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:13:07 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for sendmail (EulerOS-SA-2019-2661)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2661\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2661\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'sendmail' package(s) announced via the EulerOS-SA-2019-2661 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.(CVE-2014-3956)\");\n\n script_tag(name:\"affected\", value:\"'sendmail' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"sendmail\", rpm:\"sendmail~8.14.7~4.h1\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"sendmail-cf\", rpm:\"sendmail-cf~8.14.7~4.h1\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-27T18:33:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3956"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192440", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192440", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for sendmail (EulerOS-SA-2019-2440)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2440\");\n script_version(\"2020-01-23T12:57:51+0000\");\n script_cve_id(\"CVE-2014-3956\");\n script_tag(name:\"cvss_base\", value:\"1.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:57:51 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:57:51 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for sendmail (EulerOS-SA-2019-2440)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2440\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2440\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'sendmail' package(s) announced via the EulerOS-SA-2019-2440 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.(CVE-2014-3956)\");\n\n script_tag(name:\"affected\", value:\"'sendmail' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"sendmail\", rpm:\"sendmail~8.14.7~4.h1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"sendmail-cf\", rpm:\"sendmail-cf~8.14.7~4.h1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:55", "bulletinFamily": "software", "cvelist": ["CVE-2014-3956"], "description": "File descriptors are not closed on external applications call.", "edition": 1, "modified": "2014-06-04T00:00:00", "published": "2014-06-04T00:00:00", "id": "SECURITYVULNS:VULN:13809", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13809", "title": "sendmail file descriptor leakage", "type": "securityvulns", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3956"], "description": "The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. Sendmail is not a client program, which you use to read your email. Sendmail is a behind-the-scenes program which actually moves your email over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you will also need to have the sendmail-cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. ", "modified": "2014-06-13T05:31:53", "published": "2014-06-13T05:31:53", "id": "FEDORA:820AC20971", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: sendmail-8.14.8-2.fc20", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3956"], "description": "The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. Sendmail is not a client program, which you use to read your email. Sendmail is a behind-the-scenes program which actually moves your email over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you will also need to have the sendmail-cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. ", "modified": "2014-06-19T23:00:43", "published": "2014-06-19T23:00:43", "id": "FEDORA:DB04E220BD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: sendmail-8.14.7-2.fc19", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2020-06-05T11:12:17", "description": "sendmail was updated to properly close file descriptors before\nexecuting programs.\n\nThese security issues were fixed :\n\n - Not properly closing file descriptors before executing\n programs (CVE-2014-3956).", "edition": 17, "published": "2014-06-18T00:00:00", "title": "openSUSE Security Update : sendmail (openSUSE-SU-2014:0804-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3956"], "modified": "2014-06-18T00:00:00", "cpe": ["cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:uucp-debuginfo", "p-cpe:/a:novell:opensuse:rmail-debuginfo", "p-cpe:/a:novell:opensuse:sendmail-debuginfo", "p-cpe:/a:novell:opensuse:rmail", "p-cpe:/a:novell:opensuse:uucp", "p-cpe:/a:novell:opensuse:sendmail-devel", "p-cpe:/a:novell:opensuse:sendmail-debugsource", "p-cpe:/a:novell:opensuse:uucp-debugsource", "p-cpe:/a:novell:opensuse:sendmail", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-425.NASL", "href": "https://www.tenable.com/plugins/nessus/76104", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-425.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76104);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2014-3956\");\n\n script_name(english:\"openSUSE Security Update : sendmail (openSUSE-SU-2014:0804-1)\");\n script_summary(english:\"Check for the openSUSE-2014-425 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"sendmail was updated to properly close file descriptors before\nexecuting programs.\n\nThese security issues were fixed :\n\n - Not properly closing file descriptors before executing\n programs (CVE-2014-3956).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=881284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-06/msg00032.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected sendmail packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rmail-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sendmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sendmail-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sendmail-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sendmail-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:uucp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:uucp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:uucp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"rmail-8.14.3-85.4.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"rmail-debuginfo-8.14.3-85.4.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"sendmail-8.14.5-85.4.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"sendmail-debuginfo-8.14.5-85.4.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"sendmail-debugsource-8.14.5-85.4.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"sendmail-devel-8.14.5-85.4.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"uucp-1.07-85.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"uucp-debuginfo-1.07-85.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"uucp-debugsource-1.07-85.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"rmail-8.14.7-92.5.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"rmail-debuginfo-8.14.7-92.5.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"sendmail-8.14.7-92.5.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"sendmail-debuginfo-8.14.7-92.5.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"sendmail-debugsource-8.14.7-92.5.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"sendmail-devel-8.14.7-92.5.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"uucp-1.07-92.5.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"uucp-debuginfo-1.07-92.5.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"uucp-debugsource-1.07-92.5.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sendmail\");\n}\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T05:49:19", "description": "The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - The sm_close_on_exec function in conf.c in sendmail\n before 8.14.9 has arguments in the wrong order, and\n consequently skips setting expected FD_CLOEXEC flags,\n which allows local users to access unintended\n high-numbered file descriptors via a custom\n mail-delivery program. (CVE-2014-3956)", "edition": 23, "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : sendmail (cve_2014_3956_information_disclosure)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3956"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:sendmail", "cpe:/o:oracle:solaris:11.2"], "id": "SOLARIS11_SENDMAIL_20141120.NASL", "href": "https://www.tenable.com/plugins/nessus/80770", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80770);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\"CVE-2014-3956\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : sendmail (cve_2014_3956_information_disclosure)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - The sm_close_on_exec function in conf.c in sendmail\n before 8.14.9 has arguments in the wrong order, and\n consequently skips setting expected FD_CLOEXEC flags,\n which allows local users to access unintended\n high-numbered file descriptors via a custom\n mail-delivery program. (CVE-2014-3956)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2014-3956-information-disclosure-vulnerability-in-sendmail\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9fb16432\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.2.4.6.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:sendmail\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^sendmail$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sendmail\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.2.4.0.6.0\", sru:\"SRU 11.2.4.6.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : sendmail\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_note(port:0, extra:error_extra);\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"sendmail\");\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-07T11:54:41", "description": "Updated sendmail packages fix security vulnerability :\n\nSendmail before 8.14.9 does not properly closing file descriptors\nbefore executing programs. This bug could enable local users to\ninterfere with an open SMTP connection if they can execute their own\nprogram for mail delivery (e.g., via procmail or the prog mailer)\n(CVE-2014-3956).", "edition": 24, "published": "2014-08-01T00:00:00", "title": "Mandriva Linux Security Advisory : sendmail (MDVSA-2014:147)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3956"], "modified": "2014-08-01T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:sendmail-cf", "p-cpe:/a:mandriva:linux:sendmail-devel", "p-cpe:/a:mandriva:linux:sendmail-doc", "p-cpe:/a:mandriva:linux:sendmail"], "id": "MANDRIVA_MDVSA-2014-147.NASL", "href": "https://www.tenable.com/plugins/nessus/76954", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:147. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76954);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-3956\");\n script_bugtraq_id(67791);\n script_xref(name:\"MDVSA\", value:\"2014:147\");\n\n script_name(english:\"Mandriva Linux Security Advisory : sendmail (MDVSA-2014:147)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated sendmail packages fix security vulnerability :\n\nSendmail before 8.14.9 does not properly closing file descriptors\nbefore executing programs. This bug could enable local users to\ninterfere with an open SMTP connection if they can execute their own\nprogram for mail delivery (e.g., via procmail or the prog mailer)\n(CVE-2014-3956).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0270.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:sendmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:sendmail-cf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:sendmail-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:sendmail-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"sendmail-8.14.6-2.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"sendmail-cf-8.14.6-2.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"sendmail-devel-8.14.6-2.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"sendmail-doc-8.14.6-2.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-07T09:01:41", "description": "According to the version of the sendmail packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - The sm_close_on_exec function in conf.c in sendmail\n before 8.14.9 has arguments in the wrong order, and\n consequently skips setting expected FD_CLOEXEC flags,\n which allows local users to access unintended\n high-numbered file descriptors via a custom\n mail-delivery program.(CVE-2014-3956)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 10, "published": "2019-12-18T00:00:00", "title": "EulerOS 2.0 SP3 : sendmail (EulerOS-SA-2019-2661)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3956"], "modified": "2019-12-18T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:sendmail-cf", "p-cpe:/a:huawei:euleros:sendmail", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2661.NASL", "href": "https://www.tenable.com/plugins/nessus/132196", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132196);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2014-3956\"\n );\n script_bugtraq_id(\n 67791\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : sendmail (EulerOS-SA-2019-2661)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the sendmail packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - The sm_close_on_exec function in conf.c in sendmail\n before 8.14.9 has arguments in the wrong order, and\n consequently skips setting expected FD_CLOEXEC flags,\n which allows local users to access unintended\n high-numbered file descriptors via a custom\n mail-delivery program.(CVE-2014-3956)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2661\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?41d27494\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected sendmail package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sendmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sendmail-cf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"sendmail-8.14.7-4.h1\",\n \"sendmail-cf-8.14.7-4.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sendmail\");\n}\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T01:15:17", "description": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3956\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3956 The\nsm_close_on_exec function in conf.c in sendmail before 8.14.9 has\narguments in the wrong order, and consequently skips setting expected\nFD_CLOEXEC flags, which allows local users to access unintended\nhigh-numbered file descriptors via a custom mail-delivery program.", "edition": 21, "published": "2018-04-10T00:00:00", "title": "AIX 7.2 TL 1 : sendmail (IJ02919)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3956"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.2"], "id": "AIX_IJ02919.NASL", "href": "https://www.tenable.com/plugins/nessus/108894", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory sendmail_advisory3.asc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108894);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/04/10 11:59:02\");\n\n script_cve_id(\"CVE-2014-3956\");\n\n script_name(english:\"AIX 7.2 TL 1 : sendmail (IJ02919)\");\n script_summary(english:\"Check for APAR IJ02919\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3956\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3956 The\nsm_close_on_exec function in conf.c in sendmail before 8.14.9 has\narguments in the wrong order, and consequently skips setting expected\nFD_CLOEXEC flags, which allows local users to access unintended\nhigh-numbered file descriptors via a custom mail-delivery program.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory3.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.2\", ml:\"01\", sp:\"01\", patch:\"IJ02919s1a\", package:\"bos.net.tcp.sendmail\", minfilesetver:\"7.2.1.0\", maxfilesetver:\"7.2.1.1\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", ml:\"01\", sp:\"02\", patch:\"IJ02919s1a\", package:\"bos.net.tcp.sendmail\", minfilesetver:\"7.2.1.0\", maxfilesetver:\"7.2.1.1\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", ml:\"01\", sp:\"03\", patch:\"IJ02919s1a\", package:\"bos.net.tcp.sendmail\", minfilesetver:\"7.2.1.0\", maxfilesetver:\"7.2.1.1\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:aix_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-07T09:01:01", "description": "According to the version of the sendmail packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - The Sendmail program is a very widely used Mail\n Transport Agent (MTA).MTAs send mail from one machine\n to another. Sendmail is not a client program, which you\n use to read your email. Sendmail is a behind-the-scenes\n program which actually moves your email over networks\n or the Internet to where you want it to go.If you ever\n need to reconfigure Sendmail, you will also need to\n have the sendmail-cf package installed. If you need\n documentation on Sendmail, you can install the\n sendmail-doc package.Security Fix(es):The\n sm_close_on_exec function in conf.c in sendmail before\n 8.14.9 has arguments in the wrong order, and\n consequently skips setting expected FD_CLOEXEC flags,\n which allows local users to access unintended\n high-numbered file descriptors via a custom\n mail-delivery program.(CVE-2014-3956)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 9, "published": "2019-12-04T00:00:00", "title": "EulerOS 2.0 SP2 : sendmail (EulerOS-SA-2019-2440)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3956"], "modified": "2019-12-04T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:sendmail-cf", "p-cpe:/a:huawei:euleros:sendmail", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2440.NASL", "href": "https://www.tenable.com/plugins/nessus/131594", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131594);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2014-3956\"\n );\n script_bugtraq_id(\n 67791\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : sendmail (EulerOS-SA-2019-2440)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the sendmail packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - The Sendmail program is a very widely used Mail\n Transport Agent (MTA).MTAs send mail from one machine\n to another. Sendmail is not a client program, which you\n use to read your email. Sendmail is a behind-the-scenes\n program which actually moves your email over networks\n or the Internet to where you want it to go.If you ever\n need to reconfigure Sendmail, you will also need to\n have the sendmail-cf package installed. If you need\n documentation on Sendmail, you can install the\n sendmail-doc package.Security Fix(es):The\n sm_close_on_exec function in conf.c in sendmail before\n 8.14.9 has arguments in the wrong order, and\n consequently skips setting expected FD_CLOEXEC flags,\n which allows local users to access unintended\n high-numbered file descriptors via a custom\n mail-delivery program.(CVE-2014-3956)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2440\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4d8f5615\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected sendmail package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sendmail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:sendmail-cf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"sendmail-8.14.7-4.h1\",\n \"sendmail-cf-8.14.7-4.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sendmail\");\n}\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T01:15:17", "description": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3956\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3956 The\nsm_close_on_exec function in conf.c in sendmail before 8.14.9 has\narguments in the wrong order, and consequently skips setting expected\nFD_CLOEXEC flags, which allows local users to access unintended\nhigh-numbered file descriptors via a custom mail-delivery program.", "edition": 21, "published": "2018-04-10T00:00:00", "title": "AIX 7.1 TL 4 : sendmail (IJ02917)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3956"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.1"], "id": "AIX_IJ02917.NASL", "href": "https://www.tenable.com/plugins/nessus/108892", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory sendmail_advisory3.asc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108892);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/04/10 11:59:02\");\n\n script_cve_id(\"CVE-2014-3956\");\n\n script_name(english:\"AIX 7.1 TL 4 : sendmail (IJ02917)\");\n script_summary(english:\"Check for APAR IJ02917\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3956\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3956 The\nsm_close_on_exec function in conf.c in sendmail before 8.14.9 has\narguments in the wrong order, and consequently skips setting expected\nFD_CLOEXEC flags, which allows local users to access unintended\nhigh-numbered file descriptors via a custom mail-delivery program.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory3.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.1\", ml:\"04\", sp:\"03\", patch:\"IJ02917s3a\", package:\"bos.net.tcp.client\", minfilesetver:\"7.1.4.0\", maxfilesetver:\"7.1.4.32\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", ml:\"04\", sp:\"04\", patch:\"IJ02917s3a\", package:\"bos.net.tcp.client\", minfilesetver:\"7.1.4.0\", maxfilesetver:\"7.1.4.32\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", ml:\"04\", sp:\"05\", patch:\"IJ02917s3a\", package:\"bos.net.tcp.client\", minfilesetver:\"7.1.4.0\", maxfilesetver:\"7.1.4.32\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:aix_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:12:54", "description": "This is an update that fixes bug which can lead to sendmail leaking\nfile descriptors to processes it spawns.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2014-06-13T00:00:00", "title": "Fedora 20 : sendmail-8.14.8-2.fc20 (2014-7093)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3956"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:sendmail", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-7093.NASL", "href": "https://www.tenable.com/plugins/nessus/74503", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-7093.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74503);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-3956\");\n script_bugtraq_id(67791);\n script_xref(name:\"FEDORA\", value:\"2014-7093\");\n\n script_name(english:\"Fedora 20 : sendmail-8.14.8-2.fc20 (2014-7093)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is an update that fixes bug which can lead to sendmail leaking\nfile descriptors to processes it spawns.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1102174\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134349.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?00d576ac\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected sendmail package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:sendmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"sendmail-8.14.8-2.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sendmail\");\n}\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T05:32:39", "description": "The remote mail server is running a version of Sendmail prior to\n8.14.9. It is, therefore, affected by a flaw related to file\ndescriptors and the 'close-on-exec' flag that may allow a local\nattacker to cause unspecified impact on open SMTP connections.", "edition": 26, "cvss3": {"score": 3.3, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}, "published": "2014-06-03T00:00:00", "title": "Sendmail < 8.14.9 close-on-exec SMTP Connection Manipulation", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3956"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:sendmail:sendmail"], "id": "SENDMAIL_8_14_9.NASL", "href": "https://www.tenable.com/plugins/nessus/74289", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74289);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/09/17 21:46:53\");\n\n script_cve_id(\"CVE-2014-3956\");\n script_bugtraq_id(67791);\n\n script_name(english:\"Sendmail < 8.14.9 close-on-exec SMTP Connection Manipulation\");\n script_summary(english:\"Checks Sendmail version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote mail server is affected by an SMTP connection manipulation\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote mail server is running a version of Sendmail prior to\n8.14.9. It is, therefore, affected by a flaw related to file\ndescriptors and the 'close-on-exec' flag that may allow a local\nattacker to cause unspecified impact on open SMTP connections.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.sendmail.org/releases/8.14.9\");\n script_set_attribute(attribute:\"see_also\", value:\"http://freecode.com/projects/sendmail/releases/363923\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Sendmail 8.14.9 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-3956\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/03\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:sendmail:sendmail\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SMTP problems\");\n\n script_dependencies(\"sendmail_detect.nbin\");\n script_require_keys(\"installed_sw/Sendmail\");\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\napp_info = vcf::get_app_info(app:\"Sendmail\");\n\nconstraints = [{ \"fixed_version\" : \"8.14.9\" }];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_NOTE);\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-07T10:56:44", "description": "The remote host is affected by the vulnerability described in GLSA-201412-32\n(sendmail: Information disclosure)\n\n The sm_close_on_exec function in conf.c has arguments in the wrong\n order.\n \nImpact :\n\n A local attacker could get access to unintended high-numbered file\n descriptors via a specially crafted program.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 20, "published": "2014-12-23T00:00:00", "title": "GLSA-201412-32 : sendmail: Information disclosure", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3956"], "modified": "2014-12-23T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:sendmail", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201412-32.NASL", "href": "https://www.tenable.com/plugins/nessus/80209", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201412-32.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80209);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-3956\");\n script_bugtraq_id(67791);\n script_xref(name:\"GLSA\", value:\"201412-32\");\n\n script_name(english:\"GLSA-201412-32 : sendmail: Information disclosure\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201412-32\n(sendmail: Information disclosure)\n\n The sm_close_on_exec function in conf.c has arguments in the wrong\n order.\n \nImpact :\n\n A local attacker could get access to unintended high-numbered file\n descriptors via a specially crafted program.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201412-32\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All sendmail users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=mail-mta/sendmail-8.14.9'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:sendmail\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"mail-mta/sendmail\", unaffected:make_list(\"ge 8.14.9\"), vulnerable:make_list(\"lt 8.14.9\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sendmail\");\n}\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}], "slackware": [{"lastseen": "2020-10-25T16:36:20", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3956"], "description": "New sendmail packages are available for Slackware 13.0, 13.1, 13.37, 14.0,\n14.1, and -current to fix a security issue.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/sendmail-8.14.9-i486-1_slack14.1.txz: Upgraded.\n This release fixes one security related bug by properly closing file\n descriptors (except stdin, stdout, and stderr) before executing programs.\n This bug could enable local users to interfere with an open SMTP\n connection if they can execute their own program for mail delivery\n (e.g., via procmail or the prog mailer).\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3956\n (* Security fix *)\npatches/packages/sendmail-cf-8.14.9-noarch-1_slack14.1.txz: Upgraded.\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/sendmail-8.14.9-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/sendmail-cf-8.14.9-noarch-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/sendmail-8.14.9-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/sendmail-cf-8.14.9-noarch-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/sendmail-8.14.9-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/sendmail-cf-8.14.9-noarch-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/sendmail-8.14.9-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/sendmail-cf-8.14.9-noarch-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/sendmail-8.14.9-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/sendmail-cf-8.14.9-noarch-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/sendmail-8.14.9-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/sendmail-cf-8.14.9-noarch-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/sendmail-8.14.9-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/sendmail-cf-8.14.9-noarch-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/sendmail-8.14.9-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/sendmail-cf-8.14.9-noarch-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/sendmail-8.14.9-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/sendmail-cf-8.14.9-noarch-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/sendmail-8.14.9-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/sendmail-cf-8.14.9-noarch-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/sendmail-8.14.9-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/sendmail-cf-8.14.9-noarch-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/sendmail-8.14.9-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/sendmail-cf-8.14.9-noarch-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 packages:\nfa4a8146cc1d3f1c64b3ed02d82a5faf sendmail-8.14.9-i486-1_slack13.0.txz\n22fd87b5cd412a9ae2d9993adc167a8a sendmail-cf-8.14.9-noarch-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n4c5d225f0d887bc47b9f1732856ec970 sendmail-8.14.9-x86_64-1_slack13.0.txz\nf9edfa9c0c9b8f7e2d7781a712653ba3 sendmail-cf-8.14.9-noarch-1_slack13.0.txz\n\nSlackware 13.1 packages:\nb836282e7789c12a85a623ed2fb483d5 sendmail-8.14.9-i486-1_slack13.1.txz\nbd43cc44d04f8358cf18c90c0ac5e0be sendmail-cf-8.14.9-noarch-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\n27faf0d92afbddef85c5566db5601e98 sendmail-8.14.9-x86_64-1_slack13.1.txz\na8ff81ab84f0c841e2124ed4f7fb02b9 sendmail-cf-8.14.9-noarch-1_slack13.1.txz\n\nSlackware 13.37 packages:\n25d578ec57d003453578ac1c9043ad36 sendmail-8.14.9-i486-1_slack13.37.txz\na2a53c192144492a6a357fa4813a78a4 sendmail-cf-8.14.9-noarch-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\nc2199fd085e5855152e083fa13089ba8 sendmail-8.14.9-x86_64-1_slack13.37.txz\n9b7be74bb260e610c652e7e0e03fae38 sendmail-cf-8.14.9-noarch-1_slack13.37.txz\n\nSlackware 14.0 packages:\n1ae72cadb783eec732ff4ac3da94fc57 sendmail-8.14.9-i486-1_slack14.0.txz\n04d4668660a821f5775318de9c452933 sendmail-cf-8.14.9-noarch-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n42173bd2b938b0367028e9dc01f602e1 sendmail-8.14.9-x86_64-1_slack14.0.txz\n1bbbd2139300d32a37cd1fd549cc046e sendmail-cf-8.14.9-noarch-1_slack14.0.txz\n\nSlackware 14.1 packages:\n3d0fbb8f49881337177d160fa2e0ccd4 sendmail-8.14.9-i486-1_slack14.1.txz\n3b783f2b5e32961a3c928f65db789f49 sendmail-cf-8.14.9-noarch-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\na9c2336c5e69f7611747cdee78cc9382 sendmail-8.14.9-x86_64-1_slack14.1.txz\n7634c0e90e4d51513e32d6937e5f5d96 sendmail-cf-8.14.9-noarch-1_slack14.1.txz\n\nSlackware -current packages:\ndc92ad4bbd47b4d10de025319f7f4cc2 n/sendmail-8.14.9-i486-1.txz\n86e29ae8991376c26f217e87c1402579 n/sendmail-cf-8.14.9-noarch-1.txz\n\nSlackware x86_64 -current packages:\n5fa19ff5c89efd970fc938432541625d n/sendmail-8.14.9-x86_64-1.txz\n23f2daa6bdd71d0294a1b8da3132c0cb n/sendmail-cf-8.14.9-noarch-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg sendmail-8.14.9-i486-1_slack14.1.txz sendmail-cf-8.14.9-noarch-1_slack14.1.txz\n\nThen, restart sendmail:\n > sh /etc/rc.d/rc.sendmail restart", "modified": "2014-06-06T05:27:31", "published": "2014-06-06T05:27:31", "id": "SSA-2014-156-04", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.728644", "type": "slackware", "title": "[slackware-security] sendmail", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}]}
