OpenSMTPD Remote Code Execution Vulnerability (CVE-2020-8794) Threat Alert

março 18, 2020


On February 24, local time, researchers from Qualys released a remote code execution vulnerability (CVE-2020-8794) existing in OpenSMTPD.

As part of the OpenBSD part, OpenSMTPD (also known as OpenBSD’s mail server) is a free implementation of the server-side SMTP protocol as defined by RFC 5321.

CVE-2020-8794 is an out-of-bounds read vulnerability. Attackers could exploit this vulnerability to inject arbitrary commands into the envelope file that are then executed as root.

According to researchers, they developed a simple exploit for this vulnerability and successfully tested it against OpenBSD 6.6, OpenBSD 5.9, Debian 10 (stable), Debian 11 (testing), and Fedora 31.

Reference: (mais…)


Inscreva-se no Blog da NSFOCUS