|
Message-ID: <CAHmME9o2B_FcO57rhDSKg7x-6aiVscP-XHgz3SXnf1GYwUvp7g@mail.gmail.com> Date: Fri, 2 Oct 2015 15:22:01 +0200 From: "Jason A. Donenfeld" <Jason@...c4.com> To: oss-security <oss-security@...ts.openwall.com> Cc: misc <misc@...nsmtpd.org> Subject: CVE requests: Critical vulnerabilities in OpenSMTPD Hello, See this excerpt from the release notes below. Quite a few bugs. Looks like at least one of them might invalidate the openbsd.org claim, "Only two remote holes in the default install, in a heck of a long time!". CCing the OpenSMTPD mailing list (low-volume; don't worry Solar!) in case they want to chime in too. Jason ---------- Forwarded message ---------- From: Gilles Chehade <gilles@...lp.org> Date: Fri, Oct 2, 2015 at 4:01 AM Subject: Announce: OpenSMTPD 5.7.2 released To: misc@...nsmtpd.org [...snip...] Issues fixed in this release (5.7.2, since 5.7.1): =========================================== - an oversight in the portable version of fgetln() that allows attackers to read and write out-of-bounds memory; - multiple denial-of-service vulnerabilities that allow local users to kill or hang OpenSMTPD; - a stack-based buffer overflow that allows local users to crash OpenSMTPD, or execute arbitrary code as the non-chrooted _smtpd user; - a hardlink attack (or race-conditioned symlink attack) that allows local users to unset the chflags() of arbitrary files; - a hardlink attack that allows local users to read the first line of arbitrary files (for example, root's hash from /etc/master.passwd); - a denial-of-service vulnerability that allows remote attackers to fill OpenSMTPD's queue or mailbox hard-disk partition; - an out-of-bounds memory read that allows remote attackers to crash OpenSMTPD, or leak information and defeat the ASLR protection; - a use-after-free vulnerability that allows remote attackers to crash OpenSMTPD, or execute arbitrary code as the non-chrooted _smtpd user;
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.