oss-sec mailing list archives

CVE request: OpenSMTPD 5.7.2


From: Kristian Fiskerstrand <kristian.fiskerstrand () sumptuouscapital com>
Date: Fri, 2 Oct 2015 15:11:06 +0200

Dear all,

OpenSMTPD announced version 5.7.2 today[0], listing the following
issues. If CVEs have not been requested for these issues already,
might some be assigned, please?

Issues fixed in this release (since 5.7.1):
===========================================

- an oversight in the portable version of fgetln() that allows attackers
  to read and write out-of-bounds memory;

- multiple denial-of-service vulnerabilities that allow local users to
  kill or hang OpenSMTPD;

- a stack-based buffer overflow that allows local users to crash
  OpenSMTPD, or execute arbitrary code as the non-chrooted _smtpd user;

- a hardlink attack (or race-conditioned symlink attack) that allows
  local users to unset the chflags() of arbitrary files;

- a hardlink attack that allows local users to read the first line of
  arbitrary files (for example, root's hash from /etc/master.passwd);

- a denial-of-service vulnerability that allows remote attackers to fill
  OpenSMTPD's queue or mailbox hard-disk partition;

- an out-of-bounds memory read that allows remote attackers to crash
  OpenSMTPD, or leak information and defeat the ASLR protection;

- a use-after-free vulnerability that allows remote attackers to crash
  OpenSMTPD, or execute arbitrary code as the non-chrooted _smtpd user;


References:
[0] https://www.opensmtpd.org/announces/release-5.7.2.txt

-- 
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"Excellence is not a singular act but a habit. You are what you do
repeatedly."
(Shaquille O'Neal)