OpenSMTPD 6.6.1 - Local Privilege Escalation Exploit

Exploit Title: OpenSMTPD 6.6.1 - Local Privilege Escalation Date: 2020-02-02 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.opensmtpd.org/ Version: OpenSMTPD 6.4.0 - 6.6.1 Tested on: OpenBSD 6.6, Debian GNU/Linux bullseye/sid with opensmtpd 6.6.1p1-1 CVE: CVE-2020-7247 !/usr/bin/perl...

Linux: /etc/issue.net chmod

/etc/issue.net is a text file which contains a message or system identification to be printed before the login prompt for users who connect from the network. Copyright C 2020 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it...

Linux: System Information in /etc/motd

The content of /etc/motd file is displayed to users after successful login. Following escape chars display information about the system: - \m: machine architecture - \r: operating system release - \s: operating system name - \v: operating system version Copyright C 2020 Greenbone Networks GmbH...

CVE-2018-20712

A heap-based buffer over-read exists in the function dexpression1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt...

OpenSMTPD vulnerable to local privilege escalation and remote code execution

Overview Qualys Research Labs found that the smtpmailaddr function in OpenSMTPD version 6.6 does not properly sanitize user input, which could allow a local attacker to escalate their privileges, and allow either a local or remote attacker to execute arbitrary code as root. Description OpenSMTPD ...

CentOS 7 : libarchive (RHSA-2020:0203)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0203 advisory. - archivereadformatrarreaddata in archivereadsupportformatrar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVEFAILED situation, related to...

Linux: Home directory for root user

The password file stores information about users such like username, UID, GID, etc. This script tests, if home directories for users are located in /home. Copyright C 2020 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/...

Fedora: Security Advisory for podofo (FEDORA-2020-dd79b615cd)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Important: Red Hat Security Advisory: libarchive security update

An update for libarchive is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVE-2019-20433

libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELLCONF environment variable...

DEBIAN-CVE-2019-20433

libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELLCONF environment variable...

Buffer overflow

libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELLCONF environment variable...

UBUNTU-CVE-2019-20433

libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELLCONF environment variable...

CVE-2019-20433

libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELLCONF environment variable...

CVE-2019-20433

The CVE-2019-20433 issue affects GNU Aspell’s libaspell.a prior to 0.60.8, where a buffer over-read can occur for a string ending with a single ASCII NUL (’\0’) when the encoding is UCS-2 or UCS-4 outside the application, as demonstrated by the ASPELL_CONF environment variable. The vulnerability ...

CVE-2019-20433

libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELLCONF environment variable...

CVE-2019-20433

libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELLCONF environment variable...

openSUSE: Security Advisory for fontforge (openSUSE-SU-2020:0089_1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for gnulib (FEDORA-2020-663f619e9c)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for ocsinventory-agent (FEDORA-2020-4c8a066b83)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...