OpenSMTPD prior to 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
opensmtpd opensmtpd |
||
fedoraproject fedora 32 |
||
canonical ubuntu linux 18.04 |
||
canonical ubuntu linux 19.10 |