Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 4 Jun 2014 02:24:56 -0400 (EDT)
From: cve-assign@...re.org
To: delphij@...phij.net
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: sendmail close-on-exec issue -- CVE assigned?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> (Quote from ftp://ftp.sendmail.org/pub/sendmail/RELEASE_NOTES )
> 
> 8.14.9/8.14.9   2014/05/21
>         SECURITY: Properly set the close-on-exec flag for file
>                 descriptors (except stdin, stdout, and stderr) before
>                 executing mailers.

> http://www.sendmail.com/sm/open_source/download/8.14.9/

Use CVE-2014-3956.

Note that the unpatched code (in, for example, 8.14.8) has this in
conf.c:

  **      Parameters:
  **              lowest -- first fd to arrange to be closed
  **              highest -- last fd + 1 to arrange to be closed

  void sm_close_on_exec(highest, lowest)

but callers use arguments of highest=STDERR_FILENO+1 and
lowest=DtableSize, apparently a CWE-683 issue.

8.14.9 has "void sm_close_on_exec(lowest, highest)" instead.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTjrthAAoJEKllVAevmvmsm2gIAL6fzTGr2K76MASMo2sqE+97
F8eJOcdo1pbaBmENvrBYp1VEdy44xA3su6L7jYpQDeuh8J1dOfn9JmtItCuwQHco
HTf87fdJoUiHWSPt7VpuISRoCu/BdOJulyhivJuN5aaNK8elpBTZC62Fn2xN4zdp
W1E6AEeePK83jMJuf+pK8WR5WJLnoBQPs33FrFXiJGskoa54FOSgUvpMa6b0cGIe
UDT3tWhNb6UFQ82zQHNAsx6cmtJuG83wNfTkFdUm6HFs4EbsBSz+AvN8ILJoRJhU
rShAOQeXwbWkOwhbQqehq+MBZFdvB6k3zRcjr4LZziVg9swdlr96WcbhLOJj7Ek=
=EjVD
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ