OpenSMTPD Local Information Disclosure

Posted by deepcore on February 26, 2020 – 7:48 am

Qualys discovered a minor vulnerability in OpenSMTPD, OpenBSD’s mail server. An unprivileged local attacker can read the first line of an arbitrary file (for example, root’s password hash in /etc/master.passwd) or the entire contents of another user’s file (if this file and /var/spool/smtpd/ are on the same filesystem). A proof of concept exploit is included in this archive.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« OpenSMTPD Out-Of-Bounds Read Astak CM-818T3 Remote Configuration Disclosure »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

OpenSMTPD Local Information Disclosure

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL