Описание
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-8793
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E
- https://usn.ubuntu.com/4294-1
- https://www.openbsd.org/security.html
- http://seclists.org/fulldisclosure/2020/Feb/28
- http://www.openwall.com/lists/oss-security/2020/02/24/4
Связанные уязвимости
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g ...