| Field | Value |
|---|---|
| VID | 18116 |
| Severity | 20 |
| Port | 25 |
| Protocol | TCP |
| Class | SMTP |
| Detailed Description | The remote mail server is running a version of Sendmail prior to 8.14.9. It is, therefore, affected by a flaw related to file descriptors and the 'close-on-exec' flag that may allow a local attacker to cause unspecified impact on open SMTP connections. CVE-2014-3956: The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program. References: http://www.sendmail.org/releases/8.14.9 and http://freecode.com/projects/sendmail/releases/363923. Platforms affected: Sendmail prior to 8.14.9, all platforms. |
| Recommendation | Upgrade to Sendmail version 8.14.9 or the latest version from the Sendmail web site, http://www.sendmail.org/releases/8.14.9 |
| Related URL | CVE-2014-3956 (CVE) |
| Related URL | 67791 (SecurityFocus) |
| Related URL | (ISS) |
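A descriptor that lacks FD_CLOEXEC stays open across exec, which is how a mail-delivery program ends up holding descriptors it was never meant to see. The following is an added example, not sendmail's code and not part of the original record: it sets and audits the flag over a descriptor range with `fcntl`. The helper names, `/dev/null` and descriptor number 100 are assumptions chosen for the demonstration.

```c
#include <fcntl.h>
#include <unistd.h>

/* Hypothetical helper (not sendmail's): set FD_CLOEXEC on every open
 * descriptor in [lowest, highest]; returns how many were changed. */
int mark_cloexec_range(int lowest, int highest)
{
    int changed = 0;
    for (int fd = lowest; fd <= highest; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags == -1 || (flags & FD_CLOEXEC))
            continue;               /* not open, or already close-on-exec */
        if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == 0)
            changed++;
    }
    return changed;
}

/* Hypothetical audit: count open descriptors in the range that a
 * program started with exec would inherit. */
int count_inheritable(int lowest, int highest)
{
    int n = 0;
    for (int fd = lowest; fd <= highest; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags != -1 && !(flags & FD_CLOEXEC))
            n++;
    }
    return n;
}

/* Constructed scenario: put /dev/null on a high-numbered descriptor, audit,
 * mark, audit again. Returns before * 10 + after, or -1 on error. */
int demo_high_fd(int target)
{
    int fd = open("/dev/null", O_RDONLY);
    if (fd == -1) return -1;
    if (fd != target) {
        int r = dup2(fd, target);   /* the duplicate has FD_CLOEXEC clear */
        close(fd);
        if (r == -1) return -1;
    }
    int before = count_inheritable(target, target);
    mark_cloexec_range(target, target);
    int after = count_inheritable(target, target);
    close(target);
    return before * 10 + after;
}

int main(void) { return demo_high_fd(100) == 10 ? 0 : 1; }
```

Running `count_inheritable` over the full descriptor range just before the exec of a delivery agent gives a direct check that nothing unintended is passed on.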