You are here
Home > Preporuke > Ranjivost programskog paketa sendmail

Ranjivost programskog paketa sendmail

by ncert - 0

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Gentoo Linux Security Advisory GLSA 201412-32
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
http://security.gentoo.org/
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Severity: Normal
Title: sendmail: Information disclosure
Date: December 22, 2014
Bugs: #511760
ID: 201412-32

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Synopsis
========

A vulnerability in sendmail could allow a local attacker to obtain
sensitive information.

Background
==========

sendmail is a widely-used Mail Transport Agent (MTA).

Affected packages
=================

——————————————————————-
Package / Vulnerable / Unaffected
——————————————————————-
1 mail-mta/sendmail < 8.14.9 >= 8.14.9

Description
===========

The sm_close_on_exec function in conf.c has arguments in the wrong
order.

Impact
======

A local attacker could get access to unintended high-numbered file
descriptors via a specially crafted program.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All sendmail users should upgrade to the latest version:

# emerge –sync
# emerge –ask –oneshot –verbose “>=mail-mta/sendmail-8.14.9”

References
==========

[ 1 ] CVE-2014-3956
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3956

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201412-32.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iJwEAQECAAYFAlSYMnIACgkQG9wOWsQutdaHBQQAvS/ZOZkmfMaXN+/SDsgeARTY
ISFHfS7nYJMJKNpFNI0KCozLm+d0CfdVrKKINH3UqWC2iyE6WgwbLpbXWfevOagO
LN6IdcviDnOv7sOOk5Cid1OuKIo5BO7bu0+q8ot+gbiGmgUrCkIGjno+RMEiCZ1x
HXYlr9jlL/4J/U3qGu0=
=B3k8
—–END PGP SIGNATURE—–

ncert
Top
More in Preporuke
Ranjivosti programskog paketa ntp

Ubuntu je izdao zakrpe za otlanjanje četiri ranjivosti kod programskog paketa ntp. Ranjivosti su posljedica generiranja slabih autentikacijskih i MD5...

Close