A vulnerability in OpenSMTPD library affects BSD and Linux distros

Must Read
Roger Moraleshttps://www.cloudhostnews.com/
Professional & passionate blogger by heart. Write various topics like web hosting, cloud computing, Linux, datacenter, reviews, the latest hosting news, etc. He is working on many popular blogs and also works as a technical Analyst.

Vulnerability in OpenSMTPD, Recently vulnerability found inside a core email library, It is used by many Linux distributions and BSD. Security researchers discovered it.

OpenSMTPD and OpenBSD’s servers are affected by vulnerability CVE-2020-7247. Via a crafted SMTP session remote attackers can execute arbitrary commands as root. As it is demonstrated by shell metacharacters in the mail from the field. It impacts the uncommented default configuration. Since May 2018, CVE-2020-7247 is exploitable.

OpenBSD is the Main project and Open SMTPD is the part of it. It allows exchanging emails with other remote systems speaking the SMTP protocol. Vulnerability contains remote code execution flaws and local privilege escalation. It can be run remote code on a server, which uses the OpenSMTPD client.

A Patch has released for A vulnerability in OpenSMTPD library

Vulnerability is confirmed by OpenSMTPD developers and released a patch. It is called as a critical security bugfix release. From the recent announcement, simple proof of concept developed by developer and tested against OpenBSD 6.6 and Debian testing. But other distributions and versions may be exploitable.

If you interested in reading more or want to know what is technical details? Read Qualys CVE-2020-7247 Security Advisory.

Read More about Linux News? Signup for our Newsletter for daily Linux updates straight to your mail.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

Google rolls out the new Google Meet web app

As Gooogle rolls out the new Google Meet web app just a few days after zoom released one. Now,...

More Articles Like This