256 matches found
OpenSMTPD: Multiple vulnerabilities
Background OpenSMTPD is a lightweight but featured SMTP daemon from OpenBSD. Description Multiple vulnerabilities have been discovered in OpenSMTPD. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by connecting to the SMTP listener daemon, could possibly...
OpenBSD OpenSMTPD 6.6 Remote Code Execution Exploit
smtpmailaddr in smtpsession.c in OpenSMTPD version 6.6, as used in OpenBSD version 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default...
OpenBSD OpenSMTPD 6.6 Remote Code Execution
Exploit Title: OpenBSD OpenSMTPD Remote Code Execution Vulnerability Date: 05/04/2021 Exploit Author: Tobias Marcotto Tested on: Kali Linux x64 Version: 6.6 Description: smtpmailaddr in smtpsession.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute...
USN-4875-1: OpenSMTPD vulnerabilities
It was discovered that OpenSMTPD incorrectly verified the sender's or receiver's e-mail addresses under certain conditions. An attacker could possibly use this vulnerability to execute arbitrary commands as root. CVE-2020-7247 It was discovered that OpenSMTPD did not properly handle hardlinks und...
Exploit for Improper Handling of Exceptional Conditions in Openbsd Opensmtpd
CVE-2020-7247-exploit OpenSMTPD 6.4.0 -...
Fedora 32 : opensmtpd (2021-71fbdecdf8)
The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-71fbdecdf8 advisory. - smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a very significant memory leak via...
Fedora 33 : opensmtpd (2021-848fd34b0b)
The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-848fd34b0b advisory. - smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a very significant memory leak via...
Fedora: Security Advisory for opensmtpd (FEDORA-2021-71fbdecdf8)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for opensmtpd (FEDORA-2021-848fd34b0b)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 33 Update: opensmtpd-6.8.0p2-1.fc33
OpenSMTPD is a FREE implementation of the server-side SMTP protocol as defi ned by RFC 5321, with some additional standard extensions. It allows ordinary machines to exchange e-mails with other systems speaking the SMTP protocol. Started out of dissatisfaction with other implementations, OpenSMTP...
[SECURITY] Fedora 32 Update: opensmtpd-6.8.0p2-1.fc32
OpenSMTPD is a FREE implementation of the server-side SMTP protocol as defi ned by RFC 5321, with some additional standard extensions. It allows ordinary machines to exchange e-mails with other systems speaking the SMTP protocol. Started out of dissatisfaction with other implementations, OpenSMTP...
[ASA-202101-18] opensmtpd: multiple issues
Arch Linux Security Advisory ASA-202101-18 ========================================== Severity: High Date : 2021-01-12 CVE-ID : CVE-2020-35679 CVE-2020-35680 Package : opensmtpd Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1381 Summary ======= The package opensmtp...
Denial Of Service (DoS)
opensmtpd is vulnerable to denial of service. The smtpd/lkafilter.c, in certain configurations, allows remote attackers to cause a denial of service via a NULL pointer dereference and daemon crash using a malicious pattern of client activity as the filter state machine does not properly maintain...
Denial Of Service (DoS)
OpenSMTPD is vulnerable to denial of service. The vulnerability is possible because it lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages...
Openbsd Opensmtpd Null Pointer Dereference Vulnerability
OpenSMTPD is a Unix daemon that implements the Simple Mail Transfer Protocol for delivering mail on the local computer or relaying mail to other SMTP servers. A null pointer dereference vulnerability exists in smtpd/lkafilter.c in versions of OpenSMTPD prior to 6.8.0p1. The vulnerability stems fr...
ALPINE-CVE-2020-35680
smtpd/lkafilter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between th...
ALPINE-CVE-2020-35679
smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups...
CVE-2020-35680
smtpd/lkafilter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between th...
CVE-2020-35679
smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups...
DEBIAN-CVE-2020-35679
smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups...