CVE-2020-8793

Опубликовано: 25 фев. 2020

Источник: nvd

CVSS3: 4.7

CVSS2: 4.7

EPSS Низкий

Описание

OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.

Ссылки

http://seclists.org/fulldisclosure/2020/Feb/28
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/02/24/4
Exploit
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/
https://usn.ubuntu.com/4294-1/
Third Party Advisory
https://www.openbsd.org/security.html
Third Party Advisory
http://seclists.org/fulldisclosure/2020/Feb/28
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/02/24/4
Exploit
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/
https://usn.ubuntu.com/4294-1/
Third Party Advisory
https://www.openbsd.org/security.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opensmtpd:opensmtpd:*:*:*:*:*:*:*:*

Версия до 6.6.4 (исключая)

Конфигурация 2

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

EPSS

Процентиль: 73%

0.00786

Низкий

4.7 Medium

CVSS3

4.7 Medium

CVSS2

Дефекты

CWE-367

Связанные уязвимости

CVE-2020-8793

CVSS3: 4.7

ubuntu

почти 6 лет назад

CVE-2020-8793

CVSS3: 4.7

debian

почти 6 лет назад

OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g ...

GHSA-m2cf-xghm-rxmc

github

больше 3 лет назад

EPSS

Процентиль: 73%

0.00786

Низкий

4.7 Medium

CVSS3

4.7 Medium

CVSS2

Дефекты

CWE-367