Vulnerability in Qmail mail transport agent allows RCE

2020-05-20 12:12

Qualys researchers have found a way to exploit an previously known vulnerability in Qmail, a secure mail transport agent, to achieve both remote code execution and local code execution.

"We investigated many qmail packages, and *all* of them limit qmail-smtpd's memory, but *none* of them limits qmail-local's memory," they added.

"As a proof of concept, we developed a reliable, local and remote exploit against Debian's qmail package in its default configuration. This proof of concept requires 4GB of disk space and 8GB of memory, and allows an attacker to execute arbitrary shell commands as any user, except root."

The've also unearthed two vulnerabilities in qmail-verify, a third-party qmail patch that is not part of Qmail but is included in Debian's qmail package and other Qmail forks: a mail-address verification bypass and a local information disclosure bug.

Qualys wrote a patch for Debian's qmail package that fixes the qmail-verify issues and all three 2005 CVEs in Qmail - the latter by hard-coding a safe, upper memory limit in the alloc() function.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/LK_htiX_3pg/

#RCE #vulnerability

News URL

Related news