oss-sec mailing list archives
Re: sendmail close-on-exec issue -- CVE assigned?
From: cve-assign () mitre org
Date: Wed, 4 Jun 2014 02:24:56 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
(Quote from ftp://ftp.sendmail.org/pub/sendmail/RELEASE_NOTES ) 8.14.9/8.14.9 2014/05/21 SECURITY: Properly set the close-on-exec flag for file descriptors (except stdin, stdout, and stderr) before executing mailers.
http://www.sendmail.com/sm/open_source/download/8.14.9/
Use CVE-2014-3956. Note that the unpatched code (in, for example, 8.14.8) has this in conf.c: ** Parameters: ** lowest -- first fd to arrange to be closed ** highest -- last fd + 1 to arrange to be closed void sm_close_on_exec(highest, lowest) but callers use arguments of highest=STDERR_FILENO+1 and lowest=DtableSize, apparently a CWE-683 issue. 8.14.9 has "void sm_close_on_exec(lowest, highest)" instead. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTjrthAAoJEKllVAevmvmsm2gIAL6fzTGr2K76MASMo2sqE+97 F8eJOcdo1pbaBmENvrBYp1VEdy44xA3su6L7jYpQDeuh8J1dOfn9JmtItCuwQHco HTf87fdJoUiHWSPt7VpuISRoCu/BdOJulyhivJuN5aaNK8elpBTZC62Fn2xN4zdp W1E6AEeePK83jMJuf+pK8WR5WJLnoBQPs33FrFXiJGskoa54FOSgUvpMa6b0cGIe UDT3tWhNb6UFQ82zQHNAsx6cmtJuG83wNfTkFdUm6HFs4EbsBSz+AvN8ILJoRJhU rShAOQeXwbWkOwhbQqehq+MBZFdvB6k3zRcjr4LZziVg9swdlr96WcbhLOJj7Ek= =EjVD -----END PGP SIGNATURE-----
Current thread:
- sendmail close-on-exec issue -- CVE assigned? Xin Li (Jun 02)
- Re: sendmail close-on-exec issue -- CVE assigned? cve-assign (Jun 03)