CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
EPSS
Percentile
10.1%
Software: sendmail 8.14.7
OS: Cobalt 7.9
CVE-ID: CVE-2014-3956
CVE-Crit: CRITICAL
CVE-DESC: The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order and therefore misses setting expected FD_CLOEXEC flags, which allows local users to access unintended file descriptors with high file numbers via customized mail delivery. program.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2014-3956
CVE-Crit: CRITICAL
CVE-DESC: The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order and therefore misses setting the expected FD_CLOEXEC flags, allowing local users to access unintended file descriptors with high file numbers via customized mail delivery. program.
CVE-STATUS: default
CVE-REV: default