CVE-2020-8793
Published 2020-02-25
Priority: P426, medium, 4.7 (CVSS 3.1)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 0.90% (55.1th percentile)
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | opensmtpd | < opensmtpd 6.6.4p1-1 (bookworm) | opensmtpd 6.6.4p1-1 (bookworm) |
| fedoraproject | fedora | — | — |
| opensmtpd | opensmtpd | < 6.6.4 | 6.6.4 |
| opensmtpd | opensmtpd | >= 0 < 6.6.4p1-1 | 6.6.4p1-1 |
| opensmtpd | opensmtpd | >= 0 < 6.6.4p1-1 | 6.6.4p1-1 |
| opensmtpd | opensmtpd | >= 0 < 6.6.4p1-1 | 6.6.4p1-1 |
| opensmtpd | opensmtpd | >= 0 < 6.6.4p1-1 | 6.6.4p1-1 |
| opensmtpd | opensmtpd | >= 0 < 6.0.3p1-1ubuntu0.2 | 6.0.3p1-1ubuntu0.2 |
| opensmtpd | opensmtpd | >= 0 < 5.4.1p1-1ubuntu0.1~esm1 | 5.4.1p1-1ubuntu0.1~esm1 |
| opensmtpd | opensmtpd | >= 0 < 5.7.3p2-1ubuntu0.1~esm2 | 5.7.3p2-1ubuntu0.1~esm2 |
CVSS provenance
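| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.7 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:N/A:N |
| osv | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 4.7 | LOW | — |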
Ubuntu
OpenSMTPD vulnerabilities
vendor_ubuntu·2021-03-15·CVSS 9.8
CVE-2020-7247 [CRITICAL] OpenSMTPD vulnerabilities
Title: OpenSMTPD vulnerabilities
Summary: Several security issues were fixed in OpenSMTPD.
It was discovered that OpenSMTPD incorrectly verified the sender's or
receiver's e-mail addresses under certain conditions. An attacker could
possibly use this vulnerability to execute arbitrary commands as root.
(CVE-2020-7247)
It was discovered that OpenSMTPD did not properly handle hardlinks under
certain conditions. An unprivileged local attacker could possibly use this
issue to obtain sensitive information. This issue only affected Ubuntu
16.04 ESM. (CVE-2020-8793)
It was discovered that OpenSMTPD mishandled certain input. A remote,
unauthenticated attacker could possibly use this vulnerability to execute
arbitrary shell commands as any non-root user. This issue only affected
Ubuntu 16.04 ES
Ubuntu
OpenSMTPD vulnerabilities
vendor_ubuntu·2020-03-02·CVSS 4.7
CVE-2020-8793 [MEDIUM] OpenSMTPD vulnerabilities
Title: OpenSMTPD vulnerabilities
Summary: Several security issues were fixed in opensmtpd.
It was discovered that OpenSMTPD mishandled certain input. A remote,
unauthenticated attacker could use this vulnerability to execute arbitrary
shell commands as any non-root user. (CVE-2020-8794)
It was discovered that OpenSMTPD did not properly handle hardlinks under
certain conditions. An unprivileged local attacker could read the first
line of any file on the filesystem. (CVE-2020-8793)
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2020-8793: opensmtpd - OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some...
vendor_debian·2020·CVSS 4.7
CVE-2020-8793 [MEDIUM] CVE-2020-8793: opensmtpd - OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some...
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.
Scope: local
bookworm: resolved (fixed in 6.6.4p1-1)
bullseye: resolved (fixed in 6.6.4p1-1)
forky: resolved (fixed in 6.6.4p1-1)
sid: resolved (fixed in 6.6.4p1-1)
trixie: resolved (fixed in 6.6.4p1-1)
GHSA
GHSA-m2cf-xghm-rxmc: OpenSMTPD before 6
ghsa_unreviewed·2022-05-24
CVE-2020-8793 [MEDIUM] CWE-426 GHSA-m2cf-xghm-rxmc: OpenSMTPD before 6
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.
OSV
opensmtpd vulnerabilities
osv·2021-03-15·CVSS 9.8
CVE-2020-7247 [CRITICAL] opensmtpd vulnerabilities
It was discovered that OpenSMTPD incorrectly verified the sender's or
receiver's e-mail addresses under certain conditions. An attacker could
possibly use this vulnerability to execute arbitrary commands as root.
(CVE-2020-7247)
It was discovered that OpenSMTPD did not properly handle hardlinks under
certain conditions. An unprivileged local attacker could possibly use this
issue to obtain sensitive information. This issue only affected Ubuntu
16.04 ESM. (CVE-2020-8793)
It was discovered that OpenSMTPD mishandled certain input. A remote,
unauthenticated attacker could possibly use this vulnerability to execute
arbitrary shell commands as any non-root user. This issue only affected
Ubuntu 16.04 ESM. (CVE-2020-8794)
OSV
OpenSMTPD vulnerabilities
osv·2020-03-02·CVSS 4.7
CVE-2020-8794 [MEDIUM] OpenSMTPD vulnerabilities
It was discovered that OpenSMTPD mishandled certain input. A remote,
unauthenticated attacker could use this vulnerability to execute arbitrary
shell commands as any non-root user. (CVE-2020-8794)
It was discovered that OpenSMTPD did not properly handle hardlinks under
certain conditions. An unprivileged local attacker could read the first
line of any file on the filesystem. (CVE-2020-8793)
OSV
CVE-2020-8793: OpenSMTPD before 6
osv·2020-02-25·CVSS 4.7
CVE-2020-8793 [MEDIUM] CVE-2020-8793: OpenSMTPD before 6
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.
No detection rules found.
Bugzilla
CVE-2020-8793 opensmtpd: Reading of arbitrary file by unprivileged attacker can result in information disclosure or privilege escalation [epel-all]
bugzilla·2020-02-25·CVSS 4.7
CVE-2020-8793 [MEDIUM] CVE-2020-8793 opensmtpd: Reading of arbitrary file by unprivileged attacker can result in information disclosure or privilege escalation [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg c
Bugzilla
CVE-2020-8793 opensmtpd: Reading of arbitrary file by unprivileged attacker can result in information disclosure or privilege escalation
bugzilla·2020-02-25·CVSS 4.7
CVE-2020-8793 [MEDIUM] CVE-2020-8793 opensmtpd: Reading of arbitrary file by unprivileged attacker can result in information disclosure or privilege escalation
An unprivileged local attacker can read the first line of an arbitrary file (for example, root's password hash in /etc/master.passwd) or the entire contents of another user's file, which results in information disclosure or privilege escalation.
Upstream advisory:
https://www.openwall.com/lists/oss-security/2020/02/24/4
Discussion:
Created opensmtpd tracking bugs for this issue:
Affects: epel-all [bug 1806874]
Affects: fedora-all [bug 1806873]
---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those i
Bugzilla
CVE-2020-8793 opensmtpd: Reading of arbitrary file by unprivileged attacker can result in information disclosure or privilege escalation [fedora-all]
bugzilla·2020-02-25·CVSS 4.7
CVE-2020-8793 [MEDIUM] CVE-2020-8793 opensmtpd: Reading of arbitrary file by unprivileged attacker can result in information disclosure or privilege escalation [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedp
Trendmicro
CVE-2020-8794 Can Lead to Privilege Escalation and RCE
blogs_trendmicro·2020-03-12·CVSS 9.8
CVE-2020-8794 [CRITICAL] CVE-2020-8794 Can Lead to Privilege Escalation and RCE
Exploits & Vulnerabilities
# CVE-2020-8794 Can Lead to Privilege Escalation and RCE
A root privilege escalation and remote execution vulnerability (designated as CVE-2020-8794) was discovered in OpenSMTPD. The flaw originates from an out-of-bounds read, which attackers can take advantage of to execute arbitrary code.
By: Alexander Elkholy
2020/03/12
A root privilege escalation and remote execution vulnerability (designated as CVE-2020-8794) has been discovered in the free and open-source Unix Daemon, OpenSMTPD. The flaw originates from an out-of-bounds read, which attackers can take advantage of to execute arbitrary code on vulnerable systems.
### What is the vulnerability about?
Discovered by Qualys Research Labs and disclosed on February 24, 2020
http://seclists.org/fulldisclosure/2020/Feb/28
http://www.openwall.com/lists/oss-security/2020/02/24/4
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/
https://usn.ubuntu.com/4294-1/
https://www.openbsd.org/security.html