CVE-2020-8793

OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:opensmtpd:opensmtpd:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

Information

Published : 2020-02-25 09:15

Updated : 2022-01-01 11:30


NVD link : CVE-2020-8793

Mitre link : CVE-2020-8793


JSON object : View

CWE
CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

CWE-426

Untrusted Search Path

Advertisement

dedicated server usa

Products Affected

canonical

  • ubuntu_linux

opensmtpd

  • opensmtpd

fedoraproject

  • fedora