Summary
Detail | | | |
---|---|---|---|
Vendor | Opensmtpd | First view | 2020-02-25 |
Product | Opensmtpd | Last view | 2020-12-24 |
Version | * | Type | Application |
Update | * | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:a:opensmtpd:opensmtpd | | |
Activity : Overall
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
7.5 | 2020-12-24 | CVE-2020-35680 | smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer. |
7.5 | 2020-12-24 | CVE-2020-35679 | smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups. |
9.8 | 2020-02-25 | CVE-2020-8794 | OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling. |
4.7 | 2020-02-25 | CVE-2020-8793 | OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
20% (1) | CWE-476 | NULL Pointer Dereference |
20% (1) | CWE-426 | Untrusted Search Path |
20% (1) | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory L... |
20% (1) | CWE-367 | Time-of-check Time-of-use (TOCTOU) Race Condition |
20% (1) | CWE-125 | Out-of-bounds Read |
Snort® IPS/IDS
Date | Description |
---|---|
2020-07-29 | OpenSMTPD mta_io remote command injection attempt RuleID : 54388 - Type : SERVER-OTHER - Revision : 1 |
2020-07-02 | OpenSMTPD mta_io remote command injection attempt RuleID : 54122 - Type : SERVER-OTHER - Revision : 1 |