CVE-2014-3956

Published: 04 June 2014

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.
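The failure mode described above, as an added example that is not sendmail's code: a range helper that silently does nothing when its bounds are passed in the wrong order, with a per-descriptor check that catches the omission before exec. The function names, the descriptor floor of 10 and the use of /dev/null are assumptions made for the illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper, not sendmail's function: set FD_CLOEXEC on every
 * open descriptor in [lowest, highest). */
static void set_cloexec_range(int lowest, int highest)
{
    for (int fd = lowest; fd < highest; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags != -1)                    /* skip descriptors that are not open */
            (void)fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
    }
}

/* Audit check: 1 if fd is open and would survive exec, 0 otherwise. */
static int survives_exec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags != -1 && !(flags & FD_CLOEXEC);
}

/* Constructed scenario: open one descriptor numbered >= 10, run the range
 * helper with correct or swapped bounds, and report whether that descriptor
 * would still be inherited by a child. Returns -1 on setup failure. */
static int leaked_after(int swapped)
{
    int tmp = open("/dev/null", O_RDONLY);
    if (tmp < 0) return -1;
    int high = fcntl(tmp, F_DUPFD, 10);     /* lowest free descriptor >= 10 */
    close(tmp);
    if (high < 0) return -1;
    int lowest = STDERR_FILENO + 1, highest = high + 1;
    if (swapped)
        set_cloexec_range(highest, lowest); /* start >= end: loop never runs */
    else
        set_cloexec_range(lowest, highest);
    int leaked = survives_exec(high);
    close(high);
    return leaked;
}

int main(void)
{
    printf("swapped: %d, correct: %d\n", leaked_after(1), leaked_after(0));
    return 0;
}
```

Because the swapped call returns without error, only a check like `survives_exec` on the descriptors that matter, run just before the mailer is executed, reveals that the flags were never set.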

From the Ubuntu security team

It was discovered that sendmail has a vulnerability where it discloses sensitive information via a crafted message. An attacker could use it to retrieve it.

Priority

Low

Status

Package: sendmail (Launchpad, Ubuntu, Debian)

Release                             Status
Upstream                            Released (8.14.4-6)
Ubuntu 18.04 LTS (Bionic Beaver)    Not vulnerable (8.14.4-7)
Ubuntu 16.04 ESM (Xenial Xerus)     Not vulnerable (8.14.4-7)
Ubuntu 14.04 ESM (Trusty Tahr)      Released (8.14.4-4.1ubuntu1.1)