CVE-2020-8793

Related Files

Ubuntu Security Notice USN-4294-1

Posted Mar 2, 2020

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4294-1 - It was discovered that OpenSMTPD mishandled certain input. A remote, unauthenticated attacker could use this vulnerability to execute arbitrary shell commands as any non-root user. It was discovered that OpenSMTPD did not properly handle hardlinks under certain conditions. An unprivileged local attacker could read the first line of any file on the filesystem.

tags | advisory, remote, arbitrary, shell, local, root

systems | linux, ubuntu

advisories | CVE-2020-8793, CVE-2020-8794

SHA-256 | 5b6805dc7503709eaa6444271d78fe6c8eb7dcb5aa91a23ed44fee1b7b1d5835

Download | Favorite | View

OpenSMTPD Local Information Disclosure

Posted Feb 25, 2020

Authored by Qualys Security Advisory

Qualys discovered a minor vulnerability in OpenSMTPD, OpenBSD's mail server. An unprivileged local attacker can read the first line of an arbitrary file (for example, root's password hash in /etc/master.passwd) or the entire contents of another user's file (if this file and /var/spool/smtpd/ are on the same filesystem). A proof of concept exploit is included in this archive.

tags | exploit, arbitrary, local, root, proof of concept

systems | openbsd

advisories | CVE-2020-8793

SHA-256 | 3617b8854e485e1d063e08764e96429e54c6b7bb0467d127e819133f80c925d5

Download | Favorite | View