Date: Fri, 2 Oct 2015 15:22:01 +0200
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: oss-security <oss-security@...ts.openwall.com>
Cc: misc <misc@...nsmtpd.org>
Subject: CVE requests: Critical vulnerabilities in OpenSMTPD

Hello,

See this excerpt from the release notes below. Quite a few bugs. Looks
like at least one of them might invalidate the openbsd.org claim,
"Only two remote holes in the default install, in a heck of a long
time!".

CCing the OpenSMTPD mailing list (low-volume; don't worry Solar!) in
case they want to chime in too.

Jason



---------- Forwarded message ----------
From: Gilles Chehade <gilles@...lp.org>
Date: Fri, Oct 2, 2015 at 4:01 AM
Subject: Announce: OpenSMTPD 5.7.2 released
To: misc@...nsmtpd.org

[...snip...]


Issues fixed in this release (5.7.2, since 5.7.1):
===========================================

- an oversight in the portable version of fgetln() that allows attackers
  to read and write out-of-bounds memory;

- multiple denial-of-service vulnerabilities that allow local users to
  kill or hang OpenSMTPD;

- a stack-based buffer overflow that allows local users to crash
  OpenSMTPD, or execute arbitrary code as the non-chrooted _smtpd user;

- a hardlink attack (or race-conditioned symlink attack) that allows
  local users to unset the chflags() of arbitrary files;

- a hardlink attack that allows local users to read the first line of
  arbitrary files (for example, root's hash from /etc/master.passwd);

- a denial-of-service vulnerability that allows remote attackers to fill
  OpenSMTPD's queue or mailbox hard-disk partition;

- an out-of-bounds memory read that allows remote attackers to crash
  OpenSMTPD, or leak information and defeat the ASLR protection;

- a use-after-free vulnerability that allows remote attackers to crash
  OpenSMTPD, or execute arbitrary code as the non-chrooted _smtpd user;
