Security News > 2020 > May > Vulnerability in Qmail mail transport agent allows RCE
Qualys researchers have found a way to exploit an previously known vulnerability in Qmail, a secure mail transport agent, to achieve both remote code execution and local code execution.
"We investigated many qmail packages, and *all* of them limit qmail-smtpd's memory, but *none* of them limits qmail-local's memory," they added.
"As a proof of concept, we developed a reliable, local and remote exploit against Debian's qmail package in its default configuration. This proof of concept requires 4GB of disk space and 8GB of memory, and allows an attacker to execute arbitrary shell commands as any user, except root."
The've also unearthed two vulnerabilities in qmail-verify, a third-party qmail patch that is not part of Qmail but is included in Debian's qmail package and other Qmail forks: a mail-address verification bypass and a local information disclosure bug.
Qualys wrote a patch for Debian's qmail package that fixes the qmail-verify issues and all three 2005 CVEs in Qmail - the latter by hard-coding a safe, upper memory limit in the alloc() function.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/LK_htiX_3pg/
Related news
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- Palo Alto Networks warns of potential PAN-OS RCE vulnerability (source)