A vulnerability in OpenSMTPD library affects BSD and Linux distros

Must Read
Sienna Rowley
Sienna Rowley
Sienna is an editor at Cloud Host News. She is an internet enthusiast, always eager to explore the latest trend in the tech space. She is a modest family woman who loves traveling in her free time.

Vulnerability in OpenSMTPD, Recently vulnerability found inside a core email library, It is used by many Linux distributions and BSD. Security researchers discovered it.

OpenSMTPD and OpenBSD’s servers are affected by vulnerability CVE-2020-7247. Via a crafted SMTP session remote attackers can execute arbitrary commands as root. As it is demonstrated by shell metacharacters in the mail from the field. It impacts the uncommented default configuration. Since May 2018, CVE-2020-7247 is exploitable.

OpenBSD is the Main project and Open SMTPD is the part of it. It allows exchanging emails with other remote systems speaking the SMTP protocol. Vulnerability contains remote code execution flaws and local privilege escalation. It can be run remote code on a server, which uses the OpenSMTPD client.

A Patch has released for A vulnerability in OpenSMTPD library

Vulnerability is confirmed by OpenSMTPD developers and released a patch. It is called as a critical security bugfix release. From the recent announcement, simple proof of concept developed by developer and tested against OpenBSD 6.6 and Debian testing. But other distributions and versions may be exploitable.

If you interested in reading more or want to know what is technical details? Read Qualys CVE-2020-7247 Security Advisory.

Read More about Linux News? Signup for our Newsletter for daily Linux updates straight to your mail.

- Advertisement -spot_img
Latest News

SparkyLinux 6.6 Now Available to Download

Debian-based GNU/Linux distro, SparkyLinux has got a new update Sparky 6.6 named as Po Tolo. Based on Debian 11, Sparky...
- Advertisement -spot_img

More Articles Like This