FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenSMTPd -- critical LPE / RCE vulnerability

Affected packages
6.4.0,1 <= opensmtpd < 6.6.2,1

Details

VuXML ID 08f5c27d-4326-11ea-af8b-00155d0a0200
Discovery 2020-01-28
Entry 2020-01-29

OpenSMTPD developers report:

An incorrect check allows an attacker to trick mbox delivery into executing arbitrary commands as root and lmtp delivery into executing arbitrary commands as an unprivileged user

[source]

References

CVE Name CVE-2020-7247
URL https://www.openwall.com/lists/oss-security/2020/01/28/3

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.