oss-sec mailing list archives
CVE requests: Critical vulnerabilities in OpenSMTPD
From: "Jason A. Donenfeld" <Jason () zx2c4 com>
Date: Fri, 2 Oct 2015 15:22:01 +0200
Hello, See this excerpt from the release notes below. Quite a few bugs. Looks like at least one of them might invalidate the openbsd.org claim, "Only two remote holes in the default install, in a heck of a long time!". CCing the OpenSMTPD mailing list (low-volume; don't worry Solar!) in case they want to chime in too. Jason ---------- Forwarded message ---------- From: Gilles Chehade <gilles () poolp org> Date: Fri, Oct 2, 2015 at 4:01 AM Subject: Announce: OpenSMTPD 5.7.2 released To: misc () opensmtpd org [...snip...] Issues fixed in this release (5.7.2, since 5.7.1): =========================================== - an oversight in the portable version of fgetln() that allows attackers to read and write out-of-bounds memory; - multiple denial-of-service vulnerabilities that allow local users to kill or hang OpenSMTPD; - a stack-based buffer overflow that allows local users to crash OpenSMTPD, or execute arbitrary code as the non-chrooted _smtpd user; - a hardlink attack (or race-conditioned symlink attack) that allows local users to unset the chflags() of arbitrary files; - a hardlink attack that allows local users to read the first line of arbitrary files (for example, root's hash from /etc/master.passwd); - a denial-of-service vulnerability that allows remote attackers to fill OpenSMTPD's queue or mailbox hard-disk partition; - an out-of-bounds memory read that allows remote attackers to crash OpenSMTPD, or leak information and defeat the ASLR protection; - a use-after-free vulnerability that allows remote attackers to crash OpenSMTPD, or execute arbitrary code as the non-chrooted _smtpd user;
Current thread:
- CVE requests: Critical vulnerabilities in OpenSMTPD Jason A. Donenfeld (Oct 02)
- Re: CVE requests: Critical vulnerabilities in OpenSMTPD Arrigo Triulzi (Oct 02)
- Re: CVE requests: Critical vulnerabilities in OpenSMTPD Jason A. Donenfeld (Oct 02)
- Re: CVE requests: Critical vulnerabilities in OpenSMTPD Gilles Chehade (Oct 02)
- Re: CVE requests: Critical vulnerabilities in OpenSMTPD Jason A. Donenfeld (Oct 02)
- Re: CVE requests: Critical vulnerabilities in OpenSMTPD Gilles Chehade (Oct 02)
- Re: CVE requests: Critical vulnerabilities in OpenSMTPD Arrigo Triulzi (Oct 02)