Security News > 2020 > January > Critical RCE flaw in OpenSMTPD, patch available
2020-01-29 13:38
Qualys researchers have discovered a critical vulnerability in OpenBSD's OpenSMTPD mail server, which can allow attackers to execute arbitrary shell commands on the underlying system as root.
OpenSMTPD is an open source implementation of the Simple Mail Transfer Protocol.
OpenSMTPD has also been incorporated in some of them.
The flaw has been responsibly disclosed to OpenSMTPD developers, who have released a patch for OpenBSD. A portable versions of the implementation has also been made available.
They did not say which versions of OpenSMTPD are affected, but promised to provide more details about the flaw "When things settle down".
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/oVbmBSCsISQ/
Related news
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- Veeam warns of critical RCE bug in Service Provider Console (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- Apache issues patches for critical Struts 2 RCE bug (source)
- BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products (source)
- Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected (source)
- Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now (source)
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)