Major vulnerabilities in opensmtpd resulting in RCE and DOS
Bug #1861242 reported by
Ryan Kavanagh
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| opensmtpd (Debian) |
Fix Released
|
Unknown
|
|||
| opensmtpd (Ubuntu) |
Fix Released
|
Critical
|
Unassigned | ||
| Bionic |
Fix Released
|
Critical
|
Unassigned | ||
| Eoan |
Fix Released
|
Critical
|
Unassigned | ||
Bug Description
opensmtpd versions >= 6 have two vulnerabilities:
An incorrect check allows an attacker to trick mbox delivery into executing
arbitrary commands as root and lmtp delivery into executing arbitrary commands
as an unprivileged user.
smtpd can crash on opportunistic TLS downgrade, causing a denial of service.
CVE References
| Changed in opensmtpd (Debian): | |
| status: | Unknown → Confirmed |
Revision history for this message
| Colin Watson (cjwatson) wrote | #1 |
| Changed in opensmtpd (Ubuntu Bionic): | |
| status: | New → Confirmed |
| importance: | Undecided → Critical |
| Changed in opensmtpd (Ubuntu Eoan): | |
| status: | New → Confirmed |
| importance: | Undecided → Critical |
| Changed in opensmtpd (Ubuntu): | |
| status: | Confirmed → Fix Released |
| information type: | Public → Public Security |
Revision history for this message
| Ryan Kavanagh (ryanakca) wrote | #2 |
Revision history for this message
| Ryan Kavanagh (ryanakca) wrote | #3 |
| Changed in opensmtpd (Debian): | |
| status: | Confirmed → Fix Released |
| Changed in opensmtpd (Ubuntu Bionic): | |
| status: | Confirmed → Fix Released |
| Changed in opensmtpd (Ubuntu Eoan): | |
| status: | Confirmed → Fix Released |
To post a comment you must log in.
Ubuntu focal has 6.6.2p1-1 now as a result of an auto-sync from Debian. I've opened tasks for other series that have versions >= 6.