Security News > 2020 > January > Critical OpenSMTPD Bug Opens Linux and OpenBSD Mail Servers to Hackers

Critical OpenSMTPD Bug Opens Linux and OpenBSD Mail Servers to Hackers
2020-01-30 01:07

Cybersecurity researchers have discovered a new critical vulnerability in the OpenSMTPD email server that could allow remote attackers to take complete control over BSD and many Linux based servers.

OpenSMTPD is an open-source implementation of the server-side SMTP protocol that was initially developed as part of the OpenBSD project but now comes pre-installed on many UNIX-based systems.

"Qualys researchers were able to overcome these limitations using a technique from the Morris Worm by executing the body of the mail as a shell script in Sendmail."

The researchers have also released a proof-of-concept exploit code demonstrating the OpenSMTPD vulnerability.

Qualys responsibly reported the flaw to OpenSMTPD developers, who earlier today released OpenSMTPD version 6.6.2p1 with a patch and also pushed an update for OpenBSD users.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/swuZzA5fo2M/openbsd-opensmtpd-hacking.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 11 64 2532 1569 67 4232
Openbsd 5 1 36 38 15 90