FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenSMTPd -- Local information disclosure

Affected packages
opensmtpd < 6.6.4,1


VuXML ID 76f1ce19-5749-11ea-bff8-c85b76ce9b5a
Discovery 2020-02-24
Entry 2020-02-24

Qualys reports:

We discovered a minor vulnerability in OpenSMTPD, OpenBSD's mail server: an unprivileged local attacker can read the first line of an arbitrary file (for example, root's password hash in /etc/master.passwd) or the entire contents of another user's file (if this file and /var/spool/smtpd/ are on the same filesystem).


CVE Name CVE-2020-8793