OpenBSD OpenSMTPD Remote Command Execution Vulnerability (CVE-2020-7247)

Summary: Recently there was a discovery of vulnerabaility tracked as (CVE-2020-7247) in OpenSMTPD, OpenBSD’s mail server. This vulnerability was exploitable since May 2018 (commit a8e222352f, “switch smtpd to new grammar”) that allows an attacker to execute arbitrary shell commands, as root: >>  either locally, in OpenSMTPD’s default configuration (that listens on loopback interface and only … Continue reading “OpenBSD OpenSMTPD Remote Command Execution Vulnerability (CVE-2020-7247)”

OpenBSD Local Privilege Escalation Vulnerability CVE-2019-19726

 Summary: Qualys researchers discovered a local privilege escalation vulnerability in OpenBSD’s dynamic loader (ld.so): this vulnerability is exploitable in the default installation (via the set-user-ID executable chpass or passwd) and yields full root privileges to attackers who has a low privilege on the system.   Vulnerability: In OpenBSD with a low memory conditions, “_dl_split_path” function … Continue reading “OpenBSD Local Privilege Escalation Vulnerability CVE-2019-19726”

OpenBSD Authentication Bypass Vulnerability

 Summary: Qualys researchers discovered an authentication-bypass vulnerability (CVE-2019-19521) in OpenBSD’s authentication system.   An attacker can exploit this issue by sending a specially-crafted username to bypass OpenBSD’s authentication. This vulnerability is remotely exploitable.   Vulnerability: OpenBSD uses BSD Authentication, which is made up of a variety of authentication styles. The vulnerability is composed of 2 following … Continue reading “OpenBSD Authentication Bypass Vulnerability”