Security News

New OpenSMTPD RCE Flaw Affects Linux and OpenBSD Email Servers
2020-02-25 02:54

OpenSMTPD has been found vulnerable to yet another critical vulnerability that could allow remote attackers to take complete control over email servers running BSD or Linux operating systems. OpenSMTPD, also known as OpenBSD SMTP Server, is an open-source implementation of the Simple Mail Transfer Protocol to deliver messages on a local machine or to relay them to other SMTP servers.

Anatomy of OpenBSD's OpenSMTPD hijack hole: How a malicious sender address can lead to remote pwnage
2020-01-30 05:56

The delivery agent is invoked by OpenSMTPD executing a shell command, which includes the sender's address as a command-line parameter. Thus, whatever sender address is supplied by an email client, it can't smuggle in extra commands.

Critical OpenSMTPD Bug Opens Linux and OpenBSD Mail Servers to Hackers
2020-01-30 01:07

Cybersecurity researchers have discovered a new critical vulnerability in the OpenSMTPD email server that could allow remote attackers to take complete control over BSD and many Linux-based servers. OpenSMTPD is an open-source implementation of the server-side SMTP protocol that was initially developed as part of the OpenBSD project but now comes pre-installed on many UNIX-based systems.

VMware warning, OpenBSD gimme-root hole again, telco hit with GDPR fine, Ring camera hijackings, and more
2019-12-16 09:11

Your quick summary of infosec news beyond everything else we've reported. Roundup: Here's your Register security roundup of infosec news about stuff that's unfit for production but fit for print.…

OpenBSD bugs, Microsoft's bad update, a new Nork hacking crew, and more
2019-12-07 10:01

Meanwhile, the DOJ sets its sights on money mules. Welcome to yet another El Reg security roundup. Off we go.…

OpenBSD devs patch authentication bypass bug
2019-12-06 11:31

One of the internet's most popular free operating systems allowed attackers to bypass its authentication controls.

Tricky VPN-busting bug lurks in iOS, Android, Linux distros, macOS, FreeBSD, OpenBSD, say university eggheads
2019-12-06 05:01

OpenVPN, WireGuard, IKEv2/IPSec also vulnerable to unmasking flaw, we're told. A bug in the way Unix-flavored systems handle TCP connections could put VPN users at risk of having their encrypted...

OpenBSD Hit with Authentication, LPE Bugs
2019-12-05 16:06

The authentication bypass (CVE-2019-19521) is remotely exploitable.

Severe Auth Bypass and Priv-Esc Vulnerabilities Disclosed in OpenBSD
2019-12-05 03:31

OpenBSD, an open-source operating system built with security in mind, has been found vulnerable to four new high-severity security vulnerabilities, one of which is an old-school type...

OpenBSD Disables Intel Hyper-Threading to Prevent Spectre-Class Attacks
2018-06-20 10:03

Security-oriented BSD operating system OpenBSD has decided to disable support for Intel's hyper-threading performance-boosting feature, citing security concerns over Spectre-style timing attacks....