Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2014-3956HistoryJun 04, 2014 - 11:19 a.m.
CVE-2014-3956
2014-06-0411:19:00
Debian Security Bug Tracker
security-tracker.debian.org
11
0.0004 Low
EPSS
Percentile
9.8%
The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | sendmail | < 8.14.4-6 | sendmail_8.14.4-6_all.deb |
| Debian | 11 | all | sendmail | < 8.14.4-6 | sendmail_8.14.4-6_all.deb |
| Debian | 10 | all | sendmail | < 8.14.4-6 | sendmail_8.14.4-6_all.deb |
| Debian | 999 | all | sendmail | < 8.14.4-6 | sendmail_8.14.4-6_all.deb |
| Debian | 13 | all | sendmail | < 8.14.4-6 | sendmail_8.14.4-6_all.deb |
Related
nessus
nessus
AIX 7.1 TL 4 : sendmail (IJ02917)
2018-04-10 00:00:00
AIX 7.2 TL 1 : sendmail (IJ02919)
2018-04-10 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: sendmail-8.14.7-2.fc19
2014-06-19 23:00:43
[SECURITY] Fedora 20 Update: sendmail-8.14.8-2.fc20
2014-06-13 05:31:53
openvas
openvas
Huawei EulerOS: Security Advisory for sendmail (EulerOS-SA-2019-2440)
2020-01-23 00:00:00
Gentoo Security Advisory GLSA 201412-32
2015-09-29 00:00:00
Slackware: Security Advisory (SSA:2014-156-04)
2022-04-21 00:00:00
cve
cve
CVE-2014-3956
2014-06-04 11:19:00
ibm
ibm
Security Bulletin: Vulnerability in sendmail impacts AIX (CVE-2014-3956)
2021-10-26 19:42:53
securityvulns
securityvulns
sendmail file descriptor leakage
2014-06-04 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1969
2021-07-02 18:07:53
gentoo
gentoo
sendmail: Information disclosure
2014-12-22 00:00:00
mageia
mageia
Updated sendmail packages fix CVE-2014-3956
2014-06-20 23:41:07
slackware
slackware
[slackware-security] sendmail
2014-06-06 05:27:31
aix
aix
prion
prion
Code injection
2014-06-04 11:19:00
cvelist
cvelist
CVE-2014-3956
2014-06-04 10:00:00
ubuntucve
ubuntucve
CVE-2014-3956
2014-06-04 00:00:00