FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
f0683976-5779-11ea-8a77-1c872ccb1e42	OpenSMTPd -- LPE and RCE in OpenSMTPD's default install OpenSMTPD developers reports: An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group. An unprivileged local attacker can read the first line of an arbitrary file (for example, root's password hash in /etc/master.passwd) or the entire contents of another user's file (if this file and /var/spool/smtpd/ are on the same filesystem). Discovery 2020-02-22 Entry 2020-02-24 Modified 2020-02-27 opensmtpd lt 6.6.4,1 CVE-2020-8793 https://www.openwall.com/lists/oss-security/2020/02/24/4 CVE-2020-8794 https://www.openwall.com/lists/oss-security/2020/02/24/5

VuXML ID

Description

f0683976-5779-11ea-8a77-1c872ccb1e42

OpenSMTPd -- LPE and RCE in OpenSMTPD's default install

OpenSMTPD developers reports:

An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group.

An unprivileged local attacker can read the first line of an arbitrary file (for example, root's password hash in /etc/master.passwd) or the entire contents of another user's file (if this file and /var/spool/smtpd/ are on the same filesystem).

Discovery 2020-02-22
Entry 2020-02-24
Modified 2020-02-27
opensmtpd

lt 6.6.4,1

CVE-2020-8793
https://www.openwall.com/lists/oss-security/2020/02/24/4
CVE-2020-8794
https://www.openwall.com/lists/oss-security/2020/02/24/5