Description
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| opensmtpd | fixed | 6.6.4p1-1 | | package |
| opensmtpd | fixed | 6.0.3p1-5+deb10u4 | buster | package |
| opensmtpd | fixed | 6.0.2p1-2+deb9u3 | stretch | package |
Notes
https://www.openwall.com/lists/oss-security/2020/02/24/4
https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/021_smtpd_envelope.patch.sig
https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/
Neutralised by kernel hardening