Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 712046 (CVE-2020-8793, CVE-2020-8794) - <mail-mta/opensmtpd-6.6.4_p1: multiple vulnerabilities (CVE-2020-{8793,8794})
Summary: <mail-mta/opensmtpd-6.6.4_p1: multiple vulnerabilities (CVE-2020-{8793,8794})
Status: RESOLVED FIXED
Alias: CVE-2020-8793, CVE-2020-8794
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL: https://cve.mitre.org/cgi-bin/cvename...
Whiteboard: ~2 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-03-10 09:36 UTC by filip ambroz
Modified: 2020-04-08 05:59 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description filip ambroz 2020-03-10 09:36:56 UTC
CVE-2020-8793
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8793
https://nvd.nist.gov/vuln/detail/CVE-2020-8793



CVE-2020-8794
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling. 

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8794
https://nvd.nist.gov/vuln/detail/CVE-2020-8794
Comment 1 filip ambroz 2020-03-10 09:40:20 UTC
version 6.0.3_p1-r3 in tree
Comment 2 Agostino Sarubbo gentoo-dev 2020-03-10 10:02:07 UTC
Cleanup has been done 3 days ago:

commit ea5bd9d4206b4e0c2c75a03337509e0d6d72ef51
Author: Jason A. Donenfeld <zx2c4@gentoo.org>
Date:   Sat Mar 7 08:30:24 2020 +0800

    mail-mta/opensmtpd: remove ancient ~6.0.3_p1 version
    
    Closes: https://bugs.gentoo.org/710754
    Package-Manager: Portage-2.3.88, Repoman-2.3.20
    Signed-off-by: Jason A. Donenfeld <zx2c4@gentoo.org>