1.9 Low
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
10.0%
sendmail is a widely-used Mail Transport Agent (MTA).
The sm_close_on_exec function in conf.c has arguments in the wrong order.
A local attacker could get access to unintended high-numbered file descriptors via a specially crafted program.
There is no known workaround at this time.
All sendmail users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-mta/sendmail-8.14.9"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | mail-mta/sendmail | < 8.14.9 | UNKNOWN |