OpenBSD OpenSMTPD Remote Command Execution Vulnerability (CVE-2020-7247)

Summary: Recently there was a discovery of vulnerabaility tracked as (CVE-2020-7247) in OpenSMTPD, OpenBSD’s mail server. This vulnerability was exploitable since May 2018 (commit a8e222352f, “switch smtpd to new grammar”) that allows an attacker to execute arbitrary shell commands, as root: >>  either locally, in OpenSMTPD’s default configuration (that listens on loopback interface and only … Continue reading “OpenBSD OpenSMTPD Remote Command Execution Vulnerability (CVE-2020-7247)”

OpenBSD Authentication Bypass Vulnerability

 Summary: Qualys researchers discovered an authentication-bypass vulnerability (CVE-2019-19521) in OpenBSD’s authentication system.   An attacker can exploit this issue by sending a specially-crafted username to bypass OpenBSD’s authentication. This vulnerability is remotely exploitable.   Vulnerability: OpenBSD uses BSD Authentication, which is made up of a variety of authentication styles. The vulnerability is composed of 2 following … Continue reading “OpenBSD Authentication Bypass Vulnerability”