opensmtpd

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Free implementation of the server-side SMTP protocol
Version 6.7.1p1-4 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1105 6.6.3p1-1 6.6.4p1-1 Critical Fixed
AVG-1090 6.6.1p1-1 6.6.2p1-1 Critical Fixed
Issue Group Severity Remote Type Description
CVE-2020-8794 AVG-1105 Critical Yes Arbitrary command execution
An out-of-bounds read vulnerability has been found in the client-side code of OpenSMTPD <= 6.6.3p1, leading to arbitrary command execution via a crafted...
CVE-2020-7247 AVG-1090 Critical Yes Arbitrary command execution
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root...

Advisories

Date Advisory Group Severity Description
29 Feb 2020 ASA-202002-13 AVG-1105 Critical arbitrary command execution
29 Jan 2020 ASA-202001-6 AVG-1090 Critical arbitrary command execution