OpenSMTPd -- Local information disclosure

2020-02-24T00:00:00
ID 76F1CE19-5749-11EA-BFF8-C85B76CE9B5A
Type freebsd
Reporter FreeBSD
Modified 2020-02-24T00:00:00

Description

Qualys reports:

We discovered a minor vulnerability in OpenSMTPD, OpenBSD's mail server: an unprivileged local attacker can read the first line of an arbitrary file (for example, root's password hash in /etc/master.passwd) or the entire contents of another user's file (if this file and /var/spool/smtpd/ are on the same filesystem).