FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 40c75597-574a-11ea-bff8-c85b76ce9b5a
Description: OpenSMTPd -- LPE and RCE in OpenSMTPD's default install

Qualys reports:

.


Discovery 2020-02-24
Entry 2020-02-24
opensmtpd < 6.6.5,1

https://www.openwall.com/lists/oss-security/2020/02/24/5
CVE-2020-8794

VuXML ID: 76f1ce19-5749-11ea-bff8-c85b76ce9b5a
Description: OpenSMTPd -- Local information disclosure

Qualys reports:

We discovered a minor vulnerability in OpenSMTPD, OpenBSD's mail server: an unprivileged local attacker can read the first line of an arbitrary file (for example, root's password hash in /etc/master.passwd) or the entire contents of another user's file (if this file and /var/spool/smtpd/ are on the same filesystem).


Discovery 2020-02-24
Entry 2020-02-24
opensmtpd < 6.6.4,1

https://www.openwall.com/lists/oss-security/2020/02/24/4
CVE-2020-8793

VuXML ID: f0683976-5779-11ea-8a77-1c872ccb1e42
Description: OpenSMTPd -- LPE and RCE in OpenSMTPD's default install

OpenSMTPD developers report:

An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group.

An unprivileged local attacker can read the first line of an arbitrary file (for example, root's password hash in /etc/master.passwd) or the entire contents of another user's file (if this file and /var/spool/smtpd/ are on the same filesystem).


Discovery 2020-02-22
Entry 2020-02-24
Modified 2020-02-27
opensmtpd < 6.6.4,1

CVE-2020-8793
https://www.openwall.com/lists/oss-security/2020/02/24/4
CVE-2020-8794
https://www.openwall.com/lists/oss-security/2020/02/24/5