Computer Security
[EN] securityvulns.ru no-pyccku


sendmail file descriptor leakage
Published:04.06.2014
Source:
SecurityVulns ID:13809
Type:local
Threat Level:
5/10
Description:File descriptors are not closed on external applications call.
Affected:SENDMAIL : Sendmail 8.14
CVE:CVE-2014-3956 (The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.)
Original documentdocumentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-14:11.sendmail (04.06.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod