OpenSMTPD Local Information Disclosure



Qualys discovered a minor vulnerability in OpenSMTPD, OpenBSD’s mail server. An unprivileged local attacker can read the first line of an arbitrary file (for example, root’s password hash in /etc/master.passwd) or the entire contents of another user’s file (if this file and /var/spool/smtpd/ are on the same filesystem). A proof of concept exploit is included in this archive.


