Security News > 2020 > January > Critical RCE flaw in OpenSMTPD, patch available
2020-01-29 13:38
Qualys researchers have discovered a critical vulnerability in OpenBSD's OpenSMTPD mail server, which can allow attackers to execute arbitrary shell commands on the underlying system as root.
OpenSMTPD is an open source implementation of the Simple Mail Transfer Protocol.
OpenSMTPD has also been incorporated in some of them.
The flaw has been responsibly disclosed to OpenSMTPD developers, who have released a patch for OpenBSD. A portable versions of the implementation has also been made available.
They did not say which versions of OpenSMTPD are affected, but promised to provide more details about the flaw "When things settle down".
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/oVbmBSCsISQ/
Related news
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- Patch now: Critical Nvidia bug allows container escape, complete host takeover (source)
- Progress urges admins to patch critical WhatsUp Gold bugs ASAP (source)
- 'Patch yesterday': Zimbra mail servers under siege through RCE vuln (source)
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Critical Zimbra RCE flaw exploited to backdoor servers using emails (source)
- CISA: Network switch RCE flaw impacts critical infrastructure (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)