CVE-2014-3956 – Gentoo Linux Security Advisory 201412-32

https://notcve.org/view.php?id=CVE-2014-3956

04 Jun 2014 — The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program. La función sm_close_on_exec en conf.c en sendmail anterior a 8.14.9 tiene argumentos en el orden erróneo, y como consecuencia evade configurar etiquetas FD_CLOEXEC esperadas, lo que permite a usuarios locales acceder a descriptores de archiv... • ftp://ftp.sendmail.org/pub/sendmail/RELEASE_NOTES • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •