Oracle Solaris Third-Party Patch Update : sendmail (cve_2014_3956_information_disclosure)
Low Nessus Plugin ID 80770
Synopsis
The remote Solaris system is missing a security patch for third-party software.
Description
The remote Solaris system is missing necessary patches to address security updates:
- The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program. (CVE-2014-3956)
Solution
Upgrade to Solaris 220.127.116.11.0.
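The failure mode named in the description (a close-on-exec helper called with its range arguments reversed, so no FD_CLOEXEC flag is ever set) can be reproduced with a simplified model. This is an added example, not sendmail's conf.c; `set_cloexec_range`, `survives_exec` and `leaks_after` are hypothetical names, and `/dev/null` stands in for whatever descriptor the parent holds.

```c
/* Added illustration, not sendmail source; all names are hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Flag every open descriptor in [lowest, highest) close-on-exec; return count. */
static int set_cloexec_range(int lowest, int highest)
{
    int fd, flags, count = 0;
    for (fd = lowest; fd < highest; fd++) {
        flags = fcntl(fd, F_GETFD);
        if (flags == -1)
            continue;                      /* descriptor not open */
        if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == 0)
            count++;
    }
    return count;
}

/* 1 if fd is open and would be inherited across exec(), else 0. */
static int survives_exec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags != -1 && !(flags & FD_CLOEXEC);
}

/* Create a high-numbered descriptor (>= 10), call the helper with the
 * arguments swapped or in order, and report whether it still leaks.
 * Returns -1 if the scratch descriptor could not be created. */
static int leaks_after(int swapped)
{
    int low = open("/dev/null", O_RDONLY);
    int high = (low < 0) ? -1 : fcntl(low, F_DUPFD, 10);
    int leaked;
    if (low >= 0) close(low);
    if (high < 0) return -1;
    if (swapped)   /* bounds reversed: the loop body never runs */
        set_cloexec_range(high + 1, STDERR_FILENO + 1);
    else
        set_cloexec_range(STDERR_FILENO + 1, high + 1);
    leaked = survives_exec(high);
    close(high);
    return leaked;
}

int main(void)
{
    printf("swapped: leak=%d  in order: leak=%d\n", leaks_after(1), leaks_after(0));
    return 0;
}
```

The swapped call returns without error, which is why a check like `survives_exec` on a known descriptor is the useful regression test for this class of bug.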