Critical OpenSMTPD Bug Opens Linux and OpenBSD Mail Servers to Hackers
Cybersecurity researchers have discovered a new critical vulnerability in the OpenSMTPD email server that could allow remote attackers to take complete control over BSD and many Linux-based servers.
OpenSMTPD is an open-source implementation of the server-side SMTP protocol that was initially developed as part of the OpenBSD project but now comes pre-installed on many UNIX-based systems.
"Qualys researchers were able to overcome these limitations using a technique from the Morris Worm by executing the body of the mail as a shell script in Sendmail."
The researchers have also released proof-of-concept exploit code demonstrating the OpenSMTPD vulnerability.
Qualys responsibly reported the flaw to OpenSMTPD developers, who earlier today released OpenSMTPD version 6.6.2p1 with a patch and also pushed an update for OpenBSD users.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/swuZzA5fo2M/openbsd-opensmtpd-hacking.html