CVE-2014-3956
https://notcve.org/view.php?id=CVE-2014-3956
The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program. La función sm_close_on_exec en conf.c en sendmail anterior a 8.14.9 tiene argumentos en el orden erróneo, y como consecuencia evade configurar etiquetas FD_CLOEXEC esperadas, lo que permite a usuarios locales acceder a descriptores de archivos de número alto no intencionados a través de un programa de entrega de correo personalizado. • ftp://ftp.sendmail.org/pub/sendmail/RELEASE_NOTES http://advisories.mageia.org/MGASA-2014-0270.html http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134349.html http://lists.opensuse.org/opensuse-updates/2014-06/msg00032.html http://lists.opensuse.org/opensuse-updates/2014-06/msg00033.html http://packetstormsecurity.com/files/126975/Slackware-Security-Advisory-sendmail-Updates.html http://secunia.com/advisories/57455 http://secunia.com/advisories/58628 http://security.gentoo.org • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2009-1427
https://notcve.org/view.php?id=CVE-2009-1427
Unspecified vulnerability in HP-UX B.11.31 allows local users to cause a denial of service (system crash) via unknown vectors related to the ttrace system call. Vulnerabilidad sin especificar en el sistema HP-UX B.11.31, permite a usuarios locales provocar una denegación de servicio (caída del sistema) a través de vectores desconocidos, relacionado con la llamada del sistema "ttrace". • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01832652 http://secunia.com/advisories/36261 http://www.securityfocus.com/bid/36017 http://www.securitytracker.com/id?1022706 http://www.vupen.com/english/advisories/2009/2230 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19004 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6215 •
CVE-2008-3543
https://notcve.org/view.php?id=CVE-2008-3543
Unspecified vulnerability in NFS / ONCplus B.11.31_04 and earlier on HP-UX B.11.31 allows remote attackers to cause a denial of service via unknown attack vectors. Vulnerabilidad no especificada en NFS / ONCplus B.11.31_04 y versiones anteriores, en HP-UX B.11.31 que permite a los atacante remoto causar una denegación de servicios a tráves de un vector de ataque desconocido. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01570585 http://secunia.com/advisories/32161 http://www.securityfocus.com/bid/31607 http://www.securitytracker.com/id?1020993 http://www.vupen.com/english/advisories/2008/2748 https://exchange.xforce.ibmcloud.com/vulnerabilities/45695 •