This script is Copyright (C) 2015 Tenable Network Security, Inc.
The remote Solaris system is missing a security patch for third-party
The remote Solaris system is missing necessary patches to address
security updates :
- The sm_close_on_exec function in conf.c in sendmail
before 8.14.9 has arguments in the wrong order, and
consequently skips setting expected FD_CLOEXEC flags,
which allows local users to access unintended
high-numbered file descriptors via a custom
mail-delivery program. (CVE-2014-3956)
See also :
Upgrade to Solaris 188.8.131.52.0.
Risk factor :
Low / CVSS Base Score : 1.9