CVE-2014-3956
Publication date 4 June 2014
Last updated 24 July 2024
Ubuntu priority
The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.
From the Ubuntu Security Team
It was discovery that sendmail has a vulnerability where it disclosure sensitive informations via a carfted message. An attacker could use it to retrieve it.
Status
Package | Ubuntu Release | Status |
---|---|---|
sendmail | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty |
Fixed 8.14.4-4.1ubuntu1.1
|
|