FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenSMTPd -- Local information disclosure

Affected packages
opensmtpd < 6.6.4,1

Details

VuXML ID 76f1ce19-5749-11ea-bff8-c85b76ce9b5a
Discovery 2020-02-24
Entry 2020-02-24

Qualys reports:

We discovered a minor vulnerability in OpenSMTPD, OpenBSD's mail server: an unprivileged local attacker can read the first line of an arbitrary file (for example, root's password hash in /etc/master.passwd) or the entire contents of another user's file (if this file and /var/spool/smtpd/ are on the same filesystem).

[source]

References

CVE Name CVE-2020-8793
URL https://www.openwall.com/lists/oss-security/2020/02/24/4

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.