FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID                              Description
f0683976-5779-11ea-8a77-1c872ccb1e42  OpenSMTPd -- LPE and RCE in OpenSMTPD's default install

OpenSMTPD developers report:

An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group.

An unprivileged local attacker can read the first line of an arbitrary file (for example, root's password hash in /etc/master.passwd) or the entire contents of another user's file (if this file and /var/spool/smtpd/ are on the same filesystem).


Discovery 2020-02-22
Entry 2020-02-24
Modified 2020-02-27
opensmtpd
< 6.6.4,1

CVE-2020-8793
https://www.openwall.com/lists/oss-security/2020/02/24/4
CVE-2020-8794
https://www.openwall.com/lists/oss-security/2020/02/24/5
76f1ce19-5749-11ea-bff8-c85b76ce9b5a  OpenSMTPd -- Local information disclosure

Qualys reports:

We discovered a minor vulnerability in OpenSMTPD, OpenBSD's mail server: an unprivileged local attacker can read the first line of an arbitrary file (for example, root's password hash in /etc/master.passwd) or the entire contents of another user's file (if this file and /var/spool/smtpd/ are on the same filesystem).


Discovery 2020-02-24
Entry 2020-02-24
opensmtpd
< 6.6.4,1

https://www.openwall.com/lists/oss-security/2020/02/24/4
CVE-2020-8793
40c75597-574a-11ea-bff8-c85b76ce9b5a  OpenSMTPd -- LPE and RCE in OpenSMTPD's default install

Qualys reports:

.


Discovery 2020-02-24
Entry 2020-02-24
opensmtpd
< 6.6.5,1

https://www.openwall.com/lists/oss-security/2020/02/24/5
CVE-2020-8794
08f5c27d-4326-11ea-af8b-00155d0a0200  OpenSMTPd -- critical LPE / RCE vulnerability

OpenSMTPD developers report:

An incorrect check allows an attacker to trick mbox delivery into executing arbitrary commands as root and lmtp delivery into executing arbitrary commands as an unprivileged user.


Discovery 2020-01-28
Entry 2020-01-29
opensmtpd
>= 6.4.0,1 and < 6.6.2,1

CVE-2020-7247
https://www.openwall.com/lists/oss-security/2020/01/28/3