The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Sendmail: privilege escalation via File Descriptors

Synthesis of the vulnerability 

A local attacker can access file descriptors of Sendmail in order to escalate his privileges.
Vulnerable systems: Fedora, FreeBSD, HP-UX, AIX, OpenBSD, openSUSE, Solaris, Sendmail, Slackware.
Severity of this threat: 2/4.
Creation date: 21/05/2014.
References of this weakness: c05216368, CVE-2014-3956, FEDORA-2014-7093, FEDORA-2014-7095, FreeBSD-SA-14:11.sendmail, HPSBUX03632, MDVSA-2014:147, MDVSA-2015:128, openSUSE-SU-2014:0804-1, openSUSE-SU-2014:0805-1, SSA:2014-156-04, SSRT110194, VIGILANCE-VUL-14780.

Description of the vulnerability 

The Sendmail product allows a local user to define a program to be executed when he receives an email (for example with procmail).

However, before executing this external program, Sendmail does not close its file descriptors. The program can thus, for example, access the file descriptor of the SMTP session.

A local attacker can therefore access file descriptors of Sendmail in order to escalate his privileges.
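
The containment pattern for the behaviour described above, as an added example (not Sendmail's code or its patch): before an external delivery program is run, every descriptor above stderr is marked close-on-exec so the child cannot inherit, for instance, the SMTP session socket. The names mark_cloexec_from, survives_exec, demo and SCAN_LIMIT are hypothetical, and a constructed pipe stands in for the session socket.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

#define SCAN_LIMIT 65536L  /* assumed cap so the scan stays bounded */

/* Set FD_CLOEXEC on every open descriptor >= lowfd.
 * Returns how many were marked, or -1 on error. Where the platform offers
 * closefrom() or close_range(), calling it before exec avoids the scan. */
int mark_cloexec_from(int lowfd)
{
    long maxfd = sysconf(_SC_OPEN_MAX);
    int marked = 0;
    if (maxfd < 0 || maxfd > SCAN_LIMIT)
        maxfd = SCAN_LIMIT;
    for (int fd = lowfd; fd < maxfd; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags == -1)
            continue;                       /* descriptor not open */
        if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1)
            return -1;
        marked++;
    }
    return marked;
}

/* 1 if fd is open and would be inherited across execve(), else 0. */
int survives_exec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags != -1 && !(flags & FD_CLOEXEC);
}

/* Constructed check: returns 1 when the pipe ends were inheritable
 * before marking and are not inheritable afterwards. */
int demo(void)
{
    int fds[2];
    if (pipe(fds) == -1)
        return -1;
    int before = survives_exec(fds[0]) && survives_exec(fds[1]);
    int marked = mark_cloexec_from(STDERR_FILENO + 1);
    int after = survives_exec(fds[0]) || survives_exec(fds[1]);
    close(fds[0]);
    close(fds[1]);
    return marked >= 2 && before && !after;
}

int main(void) { printf("contained: %d\n", demo()); return 0; }
```

A delivery program can call survives_exec-style checks on its own side to audit which descriptors it was handed at startup.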

This cybersecurity weakness impacts software or systems such as Fedora, FreeBSD, HP-UX, AIX, OpenBSD, openSUSE, Solaris, Sendmail, Slackware.

Our Vigil@nce team determined that the severity of this security vulnerability is medium.

The trust level is: confirmed by the editor. The origin of the attack is a user shell.

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat 

Sendmail: version 8.14.9.
The version 8.14.9 is fixed:
  ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.14.9.tar.gz

AIX: patch for sendmail.
A patch is indicated in information sources.

Fedora: new sendmail packages.
New packages are available:
  Fedora 19: sendmail 8.14.7-2.fc19
  Fedora 20: sendmail 8.14.8-2.fc20

FreeBSD: patch for sendmail.
A patch is available in information sources.

HPUX-MailServer: version C.8.15.2.1.
The version C.8.15.2.1 is fixed:
  https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=SMAIL815

Mandriva BS2: new sendmail packages.
New packages are available:
  Mandriva BS2: sendmail 8.14.7-4.1.mbs2

Mandriva: new sendmail packages.
New packages are available:
  Mandriva BS1: sendmail 8.14.6-2.1.mbs1

OpenBSD: patch for sendmail.
A patch is available:
  http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/011_sendmail.patch
  http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/007_sendmail.patch.sig

openSUSE: new sendmail packages.
New packages are available:
  openSUSE 11.4: sendmail 8.14.4-64.1
  openSUSE 12.3: sendmail 8.14.5-85.4.2
  openSUSE 13.1: sendmail 8.14.7-92.5.2

Slackware: new sendmail packages.
New packages are available:
  Slackware 13.0: sendmail 8.14.9-i486-1_slack13.0
  Slackware 13.1: sendmail 8.14.9-i486-1_slack13.1
  Slackware 13.37: sendmail 8.14.9-i486-1_slack13.37
  Slackware 14.0: sendmail 8.14.9-i486-1_slack14.0
  Slackware 14.1: sendmail 8.14.9-i486-1_slack14.1

Solaris: version 11.2.4.6.0.
The version 11.2.4.6.0 is fixed:
  https://support.oracle.com/rs?type=doc&id=1945067.1