This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Opensmtpd First view 2020-02-25
Product Opensmtpd Last view 2020-12-24
Version * Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:opensmtpd:opensmtpd

Activity : Overall

Related : CVE

  Date Alert Description
7.5 2020-12-24 CVE-2020-35680

smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer.

7.5 2020-12-24 CVE-2020-35679

smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups.

9.8 2020-02-25 CVE-2020-8794

OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.

4.7 2020-02-25 CVE-2020-8793

OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.

CWE : Common Weakness Enumeration

%idName
20% (1) CWE-476 NULL Pointer Dereference
20% (1) CWE-426 Untrusted Search Path
20% (1) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
20% (1) CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
20% (1) CWE-125 Out-of-bounds Read

Snort® IPS/IDS

Date Description
2020-07-29 OpenSMTPD mta_io remote command injection attempt
RuleID : 54388 - Type : SERVER-OTHER - Revision : 1
2020-07-02 OpenSMTPD mta_io remote command injection attempt
RuleID : 54122 - Type : SERVER-OTHER - Revision : 1