Unpleasant vulnerability in OpenSMTPD
Unpleasant vulnerability in OpenSMTPD
[Security] Posted Jan 29, 2020 16:08 UTC (Wed) by corbet
Qualys has put out an advisory regarding a vulnerability in OpenBSD's
OpenSMTPD mail server. It "allows an attacker to execute arbitrary shell
commands, as root: either locally, in OpenSMTPD's default configuration (which listens on
the loopback interface and only accepts mail from localhost);
or locally and remotely, in OpenSMTPD's 'uncommented' default
configuration (which listens on all interfaces and accepts external
mail).
" OpenBSD users would be well advised to update quickly.