ALT-PU-2014-1723-1
Closed vulnerabilities
Published: 2014-06-10
BDU:2015-00683
Уязвимость программного обеспечения SendMail SMTP Server, позволяющая злоумышленнику нарушить конфиденциальность защищаемой информации
Severity: LOW (1.9)
References:
Published: 2014-06-04
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-3956
The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.
Severity: LOW (1.9)
References:
- ftp://ftp.sendmail.org/pub/sendmail/RELEASE_NOTES
- ftp://ftp.sendmail.org/pub/sendmail/RELEASE_NOTES
- http://advisories.mageia.org/MGASA-2014-0270.html
- http://advisories.mageia.org/MGASA-2014-0270.html
- FEDORA-2014-7093
- FEDORA-2014-7093
- openSUSE-SU-2014:0804
- openSUSE-SU-2014:0804
- openSUSE-SU-2014:0805
- openSUSE-SU-2014:0805
- http://packetstormsecurity.com/files/126975/Slackware-Security-Advisory-sendmail-Updates.html
- http://packetstormsecurity.com/files/126975/Slackware-Security-Advisory-sendmail-Updates.html
- 57455
- 57455
- 58628
- 58628
- GLSA-201412-32
- GLSA-201412-32
- FreeBSD-SA-14:11
- FreeBSD-SA-14:11
- MDVSA-2014:147
- MDVSA-2014:147
- MDVSA-2015:128
- MDVSA-2015:128
- 67791
- 67791
- 1030331
- 1030331
- http://www.sendmail.com/sm/open_source/download/8.14.9/
- http://www.sendmail.com/sm/open_source/download/8.14.9/
- SSA:2014-156-04
- SSA:2014-156-04
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05216368
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05216368