256 matches found
Information Disclosure
OpenSMTPD is vulnerable to information disclosure. An untrusted search path in makemap.c and race conditions in the offline functionality in smptd.c allows local users to read arbitrary files on the system...
OpenSMTPD Remote Code Execution (CVE-2020-7247)
A remote code execution vulnerability exists in OpenSMTPD. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Fedora: Security Advisory for opensmtpd (FEDORA-2020-b92d7083ca)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 32 Update: opensmtpd-6.6.4p1-2.fc32
OpenSMTPD is a FREE implementation of the server-side SMTP protocol as defi ned by RFC 5321, with some additional standard extensions. It allows ordinary machines to exchange e-mails with other systems speaking the SMTP protocol. Started out of dissatisfaction with other implementations, OpenSMTP...
OpenSMTPD Remote Code Execution (CVE-2020-8794)
A remote code execution vulnerability exists in OpenSMTPD. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
OpenSMTPD - OOB Read Local Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenSMTPD OOB Read Local Privilege Escalation', 'Description' = %q This module exploits an out-of-bounds read of an attacker-controlled string in...
OpenSMTPD Out-Of-Bounds Read / Local Privilege Escalation Exploit
This Metasploit module exploits an out-of-bounds read of an attacker-controlled string in OpenSMTPD's MTA implementation to execute a command as the root or nobody user, depending on the kind of grammar OpenSMTPD uses. This module requires Metasploit: https://metasploit.com/download Current sourc...
Ubuntu 18.04 LTS : OpenSMTPD vulnerabilities (USN-4294-1)
The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4294-1 advisory. It was discovered that OpenSMTPD mishandled certain input. A remote, unauthenticated attacker could use this vulnerability to execute arbitrary shell...
Fedora 31 : opensmtpd (2020-283dc7f094)
Release 6.6.4p1 2020-02-24 --- - An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the smtpq group. Release 6.6.3p1...
Fedora 30 : opensmtpd (2020-31216ab928)
Release 6.6.4p1 2020-02-24 --- - An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the smtpq group. Release 6.6.3p1...
OpenSMTPD Out-Of-Bounds Read / Local Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenSMTPD OOB Read Local Privilege Escalation', 'Description' = %q This module exploits an out-of-bounds read of an attacker-controlled string in...
Fedora: Security Advisory for opensmtpd (FEDORA-2020-283dc7f094)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 31 Update: opensmtpd-6.6.4p1-1.fc31
OpenSMTPD is a FREE implementation of the server-side SMTP protocol as defi ned by RFC 5321, with some additional standard extensions. It allows ordinary machines to exchange e-mails with other systems speaking the SMTP protocol. Started out of dissatisfaction with other implementations, OpenSMTP...
Fedora: Security Advisory for opensmtpd (FEDORA-2020-31216ab928)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OpenSMTPD OOB Read Local Privilege Escalation
This module exploits an out-of-bounds read of an attacker-controlled string in OpenSMTPD's MTA implementation to execute a command as the root or nobody user, depending on the kind of grammar OpenSMTPD uses. This module requires Metasploit: https://metasploit.com/download Current source:...
[SECURITY] Fedora 30 Update: opensmtpd-6.6.4p1-1.fc30
OpenSMTPD is a FREE implementation of the server-side SMTP protocol as defi ned by RFC 5321, with some additional standard extensions. It allows ordinary machines to exchange e-mails with other systems speaking the SMTP protocol. Started out of dissatisfaction with other implementations, OpenSMTP...
Ubuntu: Security Advisory (USN-4294-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4294-1: OpenSMTPD vulnerabilities
It was discovered that OpenSMTPD mishandled certain input. A remote, unauthenticated attacker could use this vulnerability to execute arbitrary shell commands as any non-root user. CVE-2020-8794 It was discovered that OpenSMTPD did not properly handle hardlinks under certain conditions. An...
USN-4294-1 OpenSMTPD vulnerabilities
It was discovered that OpenSMTPD mishandled certain input. A remote, unauthenticated attacker could use this vulnerability to execute arbitrary shell commands as any non-root user. CVE-2020-8794 It was discovered that OpenSMTPD did not properly handle hardlinks under certain conditions. An...
[ASA-202002-13] opensmtpd: arbitrary command execution
Arch Linux Security Advisory ASA-202002-13 ========================================== Severity: Critical Date : 2020-02-29 CVE-ID : CVE-2020-8794 Package : opensmtpd Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-1105 Summary ======= The package opensmtp...