OpenSMTPD Vulnerability Leads to Command Injection
Security News, February 2020
An update released this week for the OpenSMTPD mail server addresses an out-of-bounds read vulnerability that could lead to arbitrary command execution.
The issue resides in OpenSMTPD's client-side code, the part of the daemon that delivers mail to remote SMTP servers, and it can be exploited both client-side and server-side, according to security firm Qualys, which discovered the vulnerability. In the client-side scenario, the attacker controls a mail server that the vulnerable OpenSMTPD instance connects to. In the server-side scenario, the attacker provokes a bounce: they send the target a message that cannot be delivered, with a sender address at a domain whose mail server they control, so that OpenSMTPD generates a bounce and, when it connects to the attacker's mail server to deliver that bounce, the attacker exploits the same client-side vulnerability.
To achieve shell command execution, the attacker must first crash OpenSMTPD and then wait for it to be restarted, either manually by an administrator or automatically, for example by a system update.
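The article does not say which part of the client-side code performs the out-of-bounds read, and the following does not reproduce OpenSMTPD's bug or its exploit. It is an added example, not code from the article or from the OpenSMTPD project, of the defensive parsing an SMTP client needs when it reads reply lines from a server it does not trust: every index into the buffer is preceded by a length check, the bare three-digit final line permitted by RFC 5321 is accepted, continuation lines must agree on the reply code, and a reply that never terminates or carries trailing data is rejected. The sample replies are constructed for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define SMTP_MAX_LINE        512  /* reply line limit, RFC 5321 section 4.5.3.1.5 */
#define SMTP_MAX_REPLY_LINES  64  /* local sanity cap on multiline replies */

struct smtp_reply {
    int code;           /* 3-digit reply code, 200..599 */
    int more;           /* 1 for a continuation line ("250-..."), 0 for the final line */
    const char *text;   /* text after the separator; not NUL-terminated */
    size_t textlen;
};

/*
 * Parse one reply line (without its CRLF) held in line[0..len).
 * Returns 0 on success, -1 if malformed. The length is checked before every
 * index, so a short or empty line from a hostile server cannot be read past.
 */
int smtp_parse_reply_line(const char *line, size_t len, struct smtp_reply *out)
{
    if (line == NULL || out == NULL || len < 3)
        return -1;
    for (int i = 0; i < 3; i++)
        if (!isdigit((unsigned char)line[i]))
            return -1;
    int code = (line[0] - '0') * 100 + (line[1] - '0') * 10 + (line[2] - '0');
    if (code < 200 || code > 599)      /* SMTP only defines 2yz to 5yz */
        return -1;
    if (len == 3) {                    /* bare "NNN" is a legal final line */
        out->more = 0; out->text = line + 3; out->textlen = 0;
    } else if (line[3] == ' ' || line[3] == '-') {
        out->more = (line[3] == '-'); out->text = line + 4; out->textlen = len - 4;
    } else {
        return -1;
    }
    out->code = code;
    return 0;
}

/*
 * Parse a complete, possibly multiline, reply held in buf[0..buflen).
 * Returns the reply code, or -1 if any line is malformed, the lines disagree
 * on the code, a continuation is never terminated, data follows the final
 * line, or the reply exceeds the size limits.
 */
int smtp_parse_reply(const char *buf, size_t buflen)
{
    size_t pos = 0;
    int code = -1, nlines = 0;

    while (pos < buflen) {
        const char *start = buf + pos;
        size_t rem = buflen - pos, n = 0;
        while (n + 1 < rem && !(start[n] == '\r' && start[n + 1] == '\n'))
            n++;
        if (n + 1 >= rem)               /* no CRLF: incomplete or unterminated line */
            return -1;
        if (n + 2 > SMTP_MAX_LINE)
            return -1;
        struct smtp_reply r;
        if (smtp_parse_reply_line(start, n, &r) != 0)
            return -1;
        if (code == -1)
            code = r.code;
        else if (r.code != code)        /* continuation lines must carry one code */
            return -1;
        if (++nlines > SMTP_MAX_REPLY_LINES)
            return -1;
        pos += n + 2;
        if (!r.more)                    /* the final line must end the reply */
            return pos == buflen ? code : -1;
    }
    return -1;                          /* ran out of data with a continuation pending */
}

/* Constructed sample replies (not captured traffic). */
static const char SAMPLE_MULTILINE[] = "250-mail.example.test Hello\r\n250-SIZE 10240000\r\n250 HELP\r\n";
static const char SAMPLE_BARE[]      = "250\r\n";
static const char SAMPLE_SHORT[]     = "25\r\n";
static const char SAMPLE_MIXED[]     = "250-greeting\r\n251 mismatch\r\n";
static const char SAMPLE_PENDING[]   = "250-never terminated\r\n";

int main(void)
{
    const char *samples[] = { SAMPLE_MULTILINE, SAMPLE_BARE, SAMPLE_SHORT, SAMPLE_MIXED, SAMPLE_PENDING };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("sample %zu -> %d\n", i, smtp_parse_reply(samples[i], strlen(samples[i])));
    return 0;
}
```

The two-level split (line parser, then reply assembler) keeps every bounds decision in one place: the assembler only hands the line parser a span it has already delimited, and the line parser never looks beyond the length it was given.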
A second vulnerability fixed in the same update allows an unprivileged local attacker to read the first line of an arbitrary file (for example, root's password hash in /etc/master.passwd) or the entire contents of another user's file, provided that file and /var/spool/smtpd/ reside on the same filesystem.