CVE-2014-3956

low

Published 2014-06-04 · Modified 2026-05-06

CVSS v3

—

CVSS v2

1.9

VIR risk

1.9

Description

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2014-3956

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.sendmail.com/sm/open_source/download/8.14.9/

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — ftp://ftp.sendmail.org/pub/sendmail/RELEASE_NOTES

OS impact

OS	Version	Status	Fixed in
fedora	20	affected
freebsd		affected
debian	bookworm	fixed	`8.14.4-6`
debian	bullseye	fixed	`8.14.4-6`
debian	forky	fixed	`8.14.4-6`
debian	sid	fixed	`8.14.4-6`
debian	trixie	fixed	`8.14.4-6`

Application impact

Vendor	Product	Versions
hp	hpux	`{"endIncluding":"b.11.31"}`
sendmail	sendmail	`{"endIncluding":"8.14.8"}`
sendmail	sendmail	`8.6.7`
sendmail	sendmail	`8.7.6`
sendmail	sendmail	`8.7.7`
sendmail	sendmail	`8.7.8`
sendmail	sendmail	`8.7.9`
sendmail	sendmail	`8.7.10`
sendmail	sendmail	`8.8.8`
sendmail	sendmail	`8.9.0`
sendmail	sendmail	`8.9.1`
sendmail	sendmail	`8.9.2`
sendmail	sendmail	`8.9.3`
sendmail	sendmail	`8.10`
sendmail	sendmail	`8.10.0`
sendmail	sendmail	`8.10.1`
sendmail	sendmail	`8.10.2`
sendmail	sendmail	`8.11.0`
sendmail	sendmail	`8.11.1`
sendmail	sendmail	`8.11.2`
sendmail	sendmail	`8.11.3`
sendmail	sendmail	`8.11.4`
sendmail	sendmail	`8.11.5`
sendmail	sendmail	`8.11.6`
sendmail	sendmail	`8.11.7`
sendmail	sendmail	`8.12.0`
sendmail	sendmail	`8.12.1`
sendmail	sendmail	`8.12.2`
sendmail	sendmail	`8.12.3`
sendmail	sendmail	`8.12.4`
sendmail	sendmail	`8.12.5`
sendmail	sendmail	`8.12.6`
sendmail	sendmail	`8.12.7`
sendmail	sendmail	`8.12.8`
sendmail	sendmail	`8.12.9`
sendmail	sendmail	`8.12.10`
sendmail	sendmail	`8.12.11`
sendmail	sendmail	`8.13.0`
sendmail	sendmail	`8.13.1`
sendmail	sendmail	`8.13.2`
sendmail	sendmail	`8.13.3`
sendmail	sendmail	`8.13.4`
sendmail	sendmail	`8.13.5`
sendmail	sendmail	`8.13.6`
sendmail	sendmail	`8.13.7`
sendmail	sendmail	`8.13.8`
sendmail	sendmail	`8.14.0`
sendmail	sendmail	`8.14.1`
sendmail	sendmail	`8.14.2`
sendmail	sendmail	`8.14.3`
sendmail	sendmail	`8.14.4`
sendmail	sendmail	`8.14.5`
sendmail	sendmail	`8.14.6`
sendmail	sendmail	`8.14.7`

References

CWEs

CWE-200

Verify integrity in audit chain (admin only). AS-IS.