cve/2020/CVE-2020-8793.md

CVE-2020-8793

Description

OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.

POC

Reference

• http://seclists.org/fulldisclosure/2020/Feb/28
• http://www.openwall.com/lists/oss-security/2020/02/24/4

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/DmitrijVC/OpenSMTPD-RS
• https://github.com/FssAy/OpenSMTPD-RS
• https://github.com/bcoles/local-exploits