Qualys has put out an advisory regarding a vulnerability in OpenBSD's OpenSMTPD mail server. It "allows an attacker to execute arbitrary shell commands, as root: either locally, in OpenSMTPD's default configuration (which listens on the loopback interface and only accepts mail from localhost); or locally and remotely, in OpenSMTPD's 'uncommented' default configuration (which listens on all interfaces and accepts external mail)." OpenBSD users would be well advised to update quickly.
Copyright © 2020, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds