Re: sendmail close-on-exec issue -- CVE assigned?

[cve-assign () mitre org]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> (Quote from ftp://ftp.sendmail.org/pub/sendmail/RELEASE_NOTES )
>
> 8.14.9/8.14.9   2014/05/21
>         SECURITY: Properly set the close-on-exec flag for file
>                 descriptors (except stdin, stdout, and stderr) before
>                 executing mailers.

> http://www.sendmail.com/sm/open_source/download/8.14.9/

Use CVE-2014-3956.

Note that the unpatched code (in, for example, 8.14.8) has this in
conf.c:

  **      Parameters:
  **              lowest -- first fd to arrange to be closed
  **              highest -- last fd + 1 to arrange to be closed

  void sm_close_on_exec(highest, lowest)

but callers use arguments of highest=STDERR_FILENO+1 and
lowest=DtableSize, apparently a CWE-683 issue.

8.14.9 has "void sm_close_on_exec(lowest, highest)" instead.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTjrthAAoJEKllVAevmvmsm2gIAL6fzTGr2K76MASMo2sqE+97
F8eJOcdo1pbaBmENvrBYp1VEdy44xA3su6L7jYpQDeuh8J1dOfn9JmtItCuwQHco
HTf87fdJoUiHWSPt7VpuISRoCu/BdOJulyhivJuN5aaNK8elpBTZC62Fn2xN4zdp
W1E6AEeePK83jMJuf+pK8WR5WJLnoBQPs33FrFXiJGskoa54FOSgUvpMa6b0cGIe
UDT3tWhNb6UFQ82zQHNAsx6cmtJuG83wNfTkFdUm6HFs4EbsBSz+AvN8ILJoRJhU
rShAOQeXwbWkOwhbQqehq+MBZFdvB6k3zRcjr4LZziVg9swdlr96WcbhLOJj7Ek=
=EjVD
-----END PGP SIGNATURE-----