OpenBSD Mail Server OpenSMTPD Allows Remote Exectution Of Arbitrary Shell Commands As Root

Posted on by

A remotely-exploitable vulnerability for OpenSMTPD, OpenBSD's mail server, present since May 2018, has been made public (archived). It enables an attacker to execute arbitrary shell commands with root privileges.

Notably, the proof-of-concept exploit makes use of routines which first made an appearance in the Morris worm of 1988.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>