UBUNTU-CVE-2014-3956

Source
https://ubuntu.com/security/CVE-2014-3956
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-3956.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2014-3956
Upstream
Published
2014-06-04T11:19:00Z
Modified
2025-09-08T16:43:10Z
Severity
  • Ubuntu - low
Summary
[none]
Details

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.

References

Affected packages

Ubuntu:14.04:LTS / sendmail

Package

Name
sendmail
Purl
pkg:deb/ubuntu/sendmail@8.14.4-4.1ubuntu1.1?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.14.4-4.1ubuntu1.1

Affected versions

8.*
8.14.4-2.1ubuntu4
8.14.4-2.1ubuntu5
8.14.4-4.1ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "8.14.4-4.1ubuntu1.1",
            "binary_name": "libmilter-dev"
        },
        {
            "binary_version": "8.14.4-4.1ubuntu1.1",
            "binary_name": "libmilter1.0.1"
        },
        {
            "binary_version": "8.14.4-4.1ubuntu1.1",
            "binary_name": "rmail"
        },
        {
            "binary_version": "8.14.4-4.1ubuntu1.1",
            "binary_name": "sendmail"
        },
        {
            "binary_version": "8.14.4-4.1ubuntu1.1",
            "binary_name": "sendmail-base"
        },
        {
            "binary_version": "8.14.4-4.1ubuntu1.1",
            "binary_name": "sendmail-bin"
        },
        {
            "binary_version": "8.14.4-4.1ubuntu1.1",
            "binary_name": "sendmail-cf"
        },
        {
            "binary_version": "8.14.4-4.1ubuntu1.1",
            "binary_name": "sensible-mda"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-3956.json"