Security researchers at Qualys say they’ve identified a remotely exploitable vulnerability in OpenBSD’s mail server — used by a range of Linux distributions.
The critical vulnerability is in OpenSMTPD, a free mail transfer agent that lets machines exchange emails with other systems speaking the SMTP protocol.
The OpenSMTPD vulnerability, which has been exploitable since May 2018, allows an attacker to execute arbitrary shell commands as root, in two ways:
- Locally, in OpenSMTPD’s default configuration (which listens on the loopback interface and only accepts mail from localhost);
- Remotely, in its “uncommented” default configuration (which listens on all interfaces and