Security News

OpenBSD 7.6 released: security improvements, new hardware support, and more!
2024-10-08 17:56

OpenBSD is a free, multi-platform 4.4BSD-based UNIX-like operating system. The 57th release, OpenBSD 7.6, comes with new features, various improvements, bug fixes, and tweaks. Security...

New OpenSMTPD RCE Flaw Affects Linux and OpenBSD Email Servers
2020-02-25 02:54

OpenSMTPD has been found vulnerable to yet another critical vulnerability that could allow remote attackers to take complete control over email servers running BSD or Linux operating systems. OpenSMTPD, also known as OpenBSD SMTP Server, is an open-source implementation of the Simple Mail Transfer Protocol to deliver messages on a local machine or to relay them to other SMTP servers.

Anatomy of OpenBSD's OpenSMTPD hijack hole: How a malicious sender address can lead to remote pwnage
2020-01-30 05:56

The delivery agent is invoked by OpenSMTPD executing a shell command, which includes the sender's address as a command-line parameter. Thus, whatever sender address is supplied by an email client, it can't smuggle in extra commands.

Critical OpenSMTPD Bug Opens Linux and OpenBSD Mail Servers to Hackers
2020-01-30 01:07

Cybersecurity researchers have discovered a new critical vulnerability in the OpenSMTPD email server that could allow remote attackers to take complete control over BSD and many Linux based servers. OpenSMTPD is an open-source implementation of the server-side SMTP protocol that was initially developed as part of the OpenBSD project but now comes pre-installed on many UNIX-based systems.

VMware warning, OpenBSD gimme-root hole again, telco hit with GDPR fine, Ring camera hijackings, and more
2019-12-16 09:11

Your quick summary of infosec news beyond everything else we've reported Roundup Here's your Register security roundup of infosec news about stuff that's unfit for production but fit for print.…

OpenBSD bugs, Microsoft's bad update, a new Nork hacking crew, and more
2019-12-07 10:01

Meanwhile, the DOJ sets its sights on money mules Welcome to yet another El Reg security roundup. Off we go.…

OpenBSD devs patch authentication bypass bug
2019-12-06 11:31

One of the internet's most popular free operating systems allowed attackers to bypass its authentication controls.

Tricky VPN-busting bug lurks in iOS, Android, Linux distros, macOS, FreeBSD, OpenBSD, say university eggheads
2019-12-06 05:01

OpenVPN, WireGuard, IKEv2/IPSec also vulnerable to unmasking flaw, we're told A bug in the way Unix-flavored systems handle TCP connections could put VPN users at risk of having their encrypted...

OpenBSD Hit with Authentication, LPE Bugs
2019-12-05 16:06

The authentication bypass (CVE-2019-19521) is remotely exploitable.

Severe Auth Bypass and Priv-Esc Vulnerabilities Disclosed in OpenBSD
2019-12-05 03:31

OpenBSD, an open-source operating system built with security in mind, has been found vulnerable to four new high-severity security vulnerabilities, one of which is an old-school type...