Lucene search
K

256 matches found

Veracode
Veracode
added 2020/09/21 6:18 a.m.23 views

Information Disclosure

OpenSMTPD is vulnerable to information disclosure. An untrusted search path in makemap.c and race conditions in the offline functionality in smptd.c allows local users to read arbitrary files on the system...

4.7CVSS2.8AI score0.009EPSS
Exploits4References6Affected Software1
Check Point Advisories
Check Point Advisories
added 2020/03/18 12:0 a.m.9 views

OpenSMTPD Remote Code Execution (CVE-2020-7247)

A remote code execution vulnerability exists in OpenSMTPD. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

10CVSS5.3AI score0.98946EPSS
Exploits27
OpenVAS
OpenVAS
added 2020/03/17 12:0 a.m.50 views

Fedora: Security Advisory for opensmtpd (FEDORA-2020-b92d7083ca)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.7AI score
Exploits0References4
Fedora
Fedora
added 2020/03/16 8:45 p.m.38 views

[SECURITY] Fedora 32 Update: opensmtpd-6.6.4p1-2.fc32

OpenSMTPD is a FREE implementation of the server-side SMTP protocol as defi ned by RFC 5321, with some additional standard extensions. It allows ordinary machines to exchange e-mails with other systems speaking the SMTP protocol. Started out of dissatisfaction with other implementations, OpenSMTP...

10CVSS0.8AI score0.98946EPSS
Exploits41
Check Point Advisories
Check Point Advisories
added 2020/03/15 12:0 a.m.3 views

OpenSMTPD Remote Code Execution (CVE-2020-8794)

A remote code execution vulnerability exists in OpenSMTPD. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

10CVSS5.3AI score0.88535EPSS
Exploits10
Exploit DB
Exploit DB
added 2020/03/09 12:0 a.m.184 views

OpenSMTPD - OOB Read Local Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenSMTPD OOB Read Local Privilege Escalation', 'Description' = %q This module exploits an out-of-bounds read of an attacker-controlled string in...

10CVSS9.6AI score0.88535EPSS
Exploits10
0day.today
0day.today
added 2020/03/06 12:0 a.m.390 views

OpenSMTPD Out-Of-Bounds Read / Local Privilege Escalation Exploit

This Metasploit module exploits an out-of-bounds read of an attacker-controlled string in OpenSMTPD's MTA implementation to execute a command as the root or nobody user, depending on the kind of grammar OpenSMTPD uses. This module requires Metasploit: https://metasploit.com/download Current sourc...

10CVSS0.4AI score0.88535EPSS
Exploits10
Tenable Nessus
Tenable Nessus
added 2020/03/06 12:0 a.m.30 views

Ubuntu 18.04 LTS : OpenSMTPD vulnerabilities (USN-4294-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4294-1 advisory. It was discovered that OpenSMTPD mishandled certain input. A remote, unauthenticated attacker could use this vulnerability to execute arbitrary shell...

10CVSS7.9AI score0.88535EPSS
Exploits14References3
Tenable Nessus
Tenable Nessus
added 2020/03/06 12:0 a.m.17 views

Fedora 31 : opensmtpd (2020-283dc7f094)

Release 6.6.4p1 2020-02-24 --- - An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the smtpq group. Release 6.6.3p1...

5.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/03/06 12:0 a.m.18 views

Fedora 30 : opensmtpd (2020-31216ab928)

Release 6.6.4p1 2020-02-24 --- - An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the smtpq group. Release 6.6.3p1...

5.8AI score
Exploits0References1
Packet Storm
Packet Storm
added 2020/03/05 12:0 a.m.119 views

OpenSMTPD Out-Of-Bounds Read / Local Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenSMTPD OOB Read Local Privilege Escalation', 'Description' = %q This module exploits an out-of-bounds read of an attacker-controlled string in...

10CVSS0.4AI score0.88535EPSS
Exploits10
OpenVAS
OpenVAS
added 2020/03/05 12:0 a.m.11 views

Fedora: Security Advisory for opensmtpd (FEDORA-2020-283dc7f094)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Fedora
Fedora
added 2020/03/04 9:31 p.m.15 views

[SECURITY] Fedora 31 Update: opensmtpd-6.6.4p1-1.fc31

OpenSMTPD is a FREE implementation of the server-side SMTP protocol as defi ned by RFC 5321, with some additional standard extensions. It allows ordinary machines to exchange e-mails with other systems speaking the SMTP protocol. Started out of dissatisfaction with other implementations, OpenSMTP...

0.8AI score
Exploits0
OpenVAS
OpenVAS
added 2020/03/04 12:0 a.m.8 views

Fedora: Security Advisory for opensmtpd (FEDORA-2020-31216ab928)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Metasploit
Metasploit
added 2020/03/03 11:41 p.m.58 views

OpenSMTPD OOB Read Local Privilege Escalation

This module exploits an out-of-bounds read of an attacker-controlled string in OpenSMTPD's MTA implementation to execute a command as the root or nobody user, depending on the kind of grammar OpenSMTPD uses. This module requires Metasploit: https://metasploit.com/download Current source:...

9.8CVSS0.5AI score0.88535EPSS
Exploits10
Fedora
Fedora
added 2020/03/03 8:53 p.m.14 views

[SECURITY] Fedora 30 Update: opensmtpd-6.6.4p1-1.fc30

OpenSMTPD is a FREE implementation of the server-side SMTP protocol as defi ned by RFC 5321, with some additional standard extensions. It allows ordinary machines to exchange e-mails with other systems speaking the SMTP protocol. Started out of dissatisfaction with other implementations, OpenSMTP...

0.8AI score
Exploits0
OpenVAS
OpenVAS
added 2020/03/03 12:0 a.m.29 views

Ubuntu: Security Advisory (USN-4294-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.3AI score0.88535EPSS
Exploits14References2
Ubuntu
Ubuntu
added 2020/03/02 6:17 p.m.99 views

USN-4294-1: OpenSMTPD vulnerabilities

It was discovered that OpenSMTPD mishandled certain input. A remote, unauthenticated attacker could use this vulnerability to execute arbitrary shell commands as any non-root user. CVE-2020-8794 It was discovered that OpenSMTPD did not properly handle hardlinks under certain conditions. An...

10CVSS7.5AI score0.88535EPSS
Exploits14
OSV
OSV
added 2020/03/02 6:17 p.m.5 views

USN-4294-1 OpenSMTPD vulnerabilities

It was discovered that OpenSMTPD mishandled certain input. A remote, unauthenticated attacker could use this vulnerability to execute arbitrary shell commands as any non-root user. CVE-2020-8794 It was discovered that OpenSMTPD did not properly handle hardlinks under certain conditions. An...

10CVSS7.1AI score0.88535EPSS
Exploits14References3
ArchLinux
ArchLinux
added 2020/02/29 12:0 a.m.33 views

[ASA-202002-13] opensmtpd: arbitrary command execution

Arch Linux Security Advisory ASA-202002-13 ========================================== Severity: Critical Date : 2020-02-29 CVE-ID : CVE-2020-8794 Package : opensmtpd Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-1105 Summary ======= The package opensmtp...

10CVSS2.5AI score0.88535EPSS
Exploits10References3
Rows per page
Query Builder