Showing 1 - 4 of 4

CVE-2020-8794

Status Candidate

Overview

OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.

Related Files

OpenSMTPD Out-Of-Bounds Read / Local Privilege Escalation: Posted Mar 5, 2020; Authored by wvu, Qualys Security Advisory | Site metasploit.com; This Metasploit module exploits an out-of-bounds read of an attacker-controlled string in OpenSMTPD's MTA implementation to execute a command as the root or nobody user, depending on the kind of grammar OpenSMTPD uses.; tags | exploit, root; advisories | CVE-2020-8794; SHA-256 | eaae80dd2ec7c12121e43d82f332898ca6bf36eb080cf1316770e1ef1e93f2f0; Download | Favorite | View

Ubuntu Security Notice USN-4294-1: Posted Mar 2, 2020; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4294-1 - It was discovered that OpenSMTPD mishandled certain input. A remote, unauthenticated attacker could use this vulnerability to execute arbitrary shell commands as any non-root user. It was discovered that OpenSMTPD did not properly handle hardlinks under certain conditions. An unprivileged local attacker could read the first line of any file on the filesystem.; tags | advisory, remote, arbitrary, shell, local, root; systems | linux, ubuntu; advisories | CVE-2020-8793, CVE-2020-8794; SHA-256 | 5b6805dc7503709eaa6444271d78fe6c8eb7dcb5aa91a23ed44fee1b7b1d5835; Download | Favorite | View

Debian Security Advisory 4634-1: Posted Feb 28, 2020; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4634-1 - Qualys discovered that the OpenSMTPD SMTP server performed insufficient validation of SMTP commands, which could result in local privilege escalation or the execution of arbitrary code.; tags | advisory, arbitrary, local; systems | linux, debian; advisories | CVE-2020-8794; SHA-256 | 5da50339d4d1fb31d2ce2fa5d1c69b447dfd44db51920c67a0c326da5a65d4c0; Download | Favorite | View

OpenSMTPD Out-Of-Bounds Read: Posted Feb 25, 2020; Authored by Qualys Security Advisory; Qualys discovered a vulnerability in OpenSMTPD, OpenBSD's mail server. This vulnerability, an out-of-bounds read introduced in December 2015, is exploitable remotely and leads to the execution of arbitrary shell commands.; tags | exploit, arbitrary, shell; systems | openbsd; advisories | CVE-2020-8794; SHA-256 | 2c58b82819510289b2fd55d1c6a82b81b279777abd6a6b0db391f990ec12b148; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 213 files
indoushka 118 files
Ubuntu 88 files
Gentoo 33 files
Debian 25 files
Jasper Nota 25 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Apple 9 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,107)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,890)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,615)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,777)
UNIX (9,440)
UnixWare (187)
Windows (6,676)
Other

CVE-2020-8794

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems