Critical Bug Fix: OpenBSD Vulnerability Needs Urgent Patching – RCE With Morris Worm Inspiration


Security researchers at Qualys say they’ve identified a remotely exploitable vulnerability in OpenBSD’s mail server — used by a range of Linux distributions.

The critical vulnerability is in OpenSMTPD, a free mail transfer agent that lets machines exchange emails with other systems speaking the SMTP protocol.

The OpenSMTPD vulnerability, which has been exploitable since May 2018, allows an attacker to execute arbitrary shell commands, as root in two ways:

  • Locally, in OpenSMTPD’s default configuration (which listens on
    the loopback interface and only accepts mail from localhost);
  • Remotely, in its “uncommented” default configuration (which listens on all interfaces and
    To see the full content, share this page by clicking one of the buttons below
Click on a tab to select how you'd like to leave your comment

Leave A Reply

Your email address will not be published.