Login

Register

Login

Register

New OpenSMTPD RCE Flaw Affects Linux and OpenBSD Email Servers


OpenSMTPD email server vulnerability

OpenSMTPD has been found vulnerable to yet another critical vulnerability that could allow remote attackers to take complete control over email servers running BSD or Linux operating systems.

OpenSMTPD, also known as OpenBSD SMTP Server, is an open-source implementation of the Simple Mail Transfer Protocol (SMTP) to deliver messages on a local machine or to relay them to other SMTP servers.

It was initially developed as part of the OpenBSD project but now comes pre-installed on many UNIX-based systems.

Discovered by experts at Qualys Research Labs, who also reported a similar RCE flaw in the email server application last month, the latest out-of-bounds read issue, tracked as CVE-2020-8794, resides in a component of the OpenSMTPD’s client-side code that was introduced nearly 5 years ago.

Just like the previous issue, which attackers started exploiting in the wild just a day after its public disclosure, the new OpenSMTPD flaw could also let remote hackers execute arbitrary commands on the vulnerable servers with privileges of either root or any non-root user.

opensmtpd vulnerability

As described in the screenshot of the advisory, the flaw can be exploited by a local or remote attacker in two ways by sending specially crafted SMTP messages, one works in the default configuration, and the second leverages email bounce mechanism.

“We developed a simple exploit for this vulnerability and successfully tested it against OpenBSD 6.6 (the current release), OpenBSD 5.9 (the first vulnerable release), Debian 10 (stable), Debian 11 (testing), and Fedora 31,” the advisory says.

“We tested our exploit against the recent changes in OpenSMTPD 6.6.3p1, and our results are: if the “mbox” method is used for local delivery (the default in OpenBSD -current), then arbitrary command execution as root is still possible; otherwise (if the “maildir” method is used, for example), arbitrary command execution as any non-root user is possible.”

However, the Qualys team has decided to withhold the exploitation details and exploit code until 26th February, giving vulnerable OpenSMTPD’s users a two-day window to patch their systems.

If you’re also running BSD or Linux servers with a vulnerable version of the OpenSMTPD, you’re advised to download OpenSMTPD 6.6.4 and apply the patch as soon as possible.





The Original Source Of This Story: Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


NATIONAL CYBER SECURITY RADIO
HACKER FOR HIRE MURDERS
 

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW