FreeBSD : FreeBSD -- sendmail improper close-on-exec flag handling (6d9eadaf-6007-11e6-a6c3-14dae9d210b8)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

There is a programming error in sendmail(8) that prevented open file
descriptors from having close-on-exec properly set. Consequently a
subprocess will be able to access all open files that the parent
process has open.

Impact : A local user who can execute their own program for mail
delivery will be able to interfere with an open SMTP connection.

See also :

http://www.nessus.org/u?b23bc31e

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 3.7
(CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 3.2
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 92901

Bugtraq ID: 67791

CVE ID:
