CVE-2023-29323
https://notcve.org/view.php?id=CVE-2023-29323
ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address.
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.49&r2=1.49.4.1&f=h
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50&r2=1.50.4.1&f=h
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/envelope.c.diff?r1=1.50&r2=1.51&f=h
https://ftp.openbsd.org/pub/OpenBSD/patches/7.1/common/024_smtpd.patch.sig
https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/020_smtpd
CVE-2020-7247 – OpenSMTPD Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-7247
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
https://www.exploit-db.com/exploits/47984
https://www.exploit-db.com/exploits/48038
https://www.exploit-db.com/exploits/48051
https://github.com/QTranspose/CVE-2020-7247-exploit
https://github.com/bytescrappers/CVE-2020-7247
https://github.com/r0lh/CVE-2020-7247
https://github.com/SimonSchoeni/CVE-2020-7247-POC
https://github.com/f4T1H21/CVE-2020-7247
http://packetstormsecurity.com/files/156137/OpenBSD-OpenSMTPD-Privilege-Escalation-Code-Execution.html
http://packetstormsecurity.com/
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-755: Improper Handling of Exceptional Conditions
CVE-2015-7687
https://notcve.org/view.php?id=CVE-2015-7687
Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta.
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170448.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169600.html
http://www.openwall.com/lists/oss-security/2015/10/03/1
http://www.securityfocus.com/bid/76975
https://bugzilla.redhat.com/show_bug.cgi?id=1268793
https://www.opensmtpd.org/announces/release-5.7.2.txt
https://www.qualys.com/2015/10/02/opensmtpd-audit-report.txt
CWE-416: Use After Free
CVE-2013-2125
https://notcve.org/view.php?id=CVE-2013-2125
OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service (connection blocking) by keeping a connection open.
http://git.zx2c4.com/OpenSMTPD/commit/?id=38b26921bad5fe24ad747bf9d591330d683728b0
http://osvdb.org/93495
http://seclists.org/oss-sec/2013/q2/362
http://seclists.org/oss-sec/2013/q2/366
http://secunia.com/advisories/53353
https://exchange.xforce.ibmcloud.com/vulnerabilities/84388
CWE-310: Cryptographic Issues