Security News > 2020 > January > Critical RCE flaw in OpenSMTPD, patch available
Qualys researchers have discovered a critical vulnerability in OpenBSD's OpenSMTPD mail server, which can allow attackers to execute arbitrary shell commands on the underlying system as root.
OpenSMTPD is an open source implementation of the Simple Mail Transfer Protocol.
OpenSMTPD has also been incorporated in some of them.
The flaw has been responsibly disclosed to OpenSMTPD developers, who have released a patch for OpenBSD. A portable version of the implementation has also been made available.
They did not say which versions of OpenSMTPD are affected, but promised to provide more details about the flaw "When things settle down".
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/oVbmBSCsISQ/