Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2020-8793 — Time-of-check Time-of-use (TOCTOU) Race Condition in OpenSMTPD
Severity
4.7 MEDIUM (NVD)
9.8 (OSV)
EPSS
0.8%
top 26.15%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Feb 25
Latest update: May 24
Description
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.0 | Impact: 3.6
Affected Packages: 3 packages
Also affects: Ubuntu Linux 18.04, 19.10, Fedora 32
Community (3)
Bugzilla
CVE-2020-8793 opensmtpd: Reading of arbitrary file by unprivileged attacker can result in information disclosure or privilege escalation [epel-all] (2020-02-25)
Bugzilla
CVE-2020-8793 opensmtpd: Reading of arbitrary file by unprivileged attacker can result in information disclosure or privilege escalation (2020-02-25)
Bugzilla
CVE-2020-8793 opensmtpd: Reading of arbitrary file by unprivileged attacker can result in information disclosure or privilege escalation [fedora-all] (2020-02-25)