Test ID:	1.3.6.1.4.1.25623.1.1.12.2021.4875.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-4875-1)
Summary:	The remote host is missing an update for the 'opensmtpd' package(s) announced via the USN-4875-1 advisory.
Description:	Summary: The remote host is missing an update for the 'opensmtpd' package(s) announced via the USN-4875-1 advisory. Vulnerability Insight: It was discovered that OpenSMTPD incorrectly verified the sender's or receiver's e-mail addresses under certain conditions. An attacker could possibly use this vulnerability to execute arbitrary commands as root. (CVE-2020-7247) It was discovered that OpenSMTPD did not properly handle hardlinks under certain conditions. An unprivileged local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 ESM. (CVE-2020-8793) It was discovered that OpenSMTPD mishandled certain input. A remote, unauthenticated attacker could possibly use this vulnerability to execute arbitrary shell commands as any non-root user. This issue only affected Ubuntu 16.04 ESM. (CVE-2020-8794) Affected Software/OS: 'opensmtpd' package(s) on Ubuntu 14.04, Ubuntu 16.04. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2020-7247 Bugtraq: 20200129 [SECURITY] [DSA 4611-1] opensmtpd security update (Google Search) https://seclists.org/bugtraq/2020/Jan/51 CERT/CC vulnerability note: VU#390745 https://www.kb.cert.org/vuls/id/390745 Debian Security Information: DSA-4611 (Google Search) https://www.debian.org/security/2020/dsa-4611 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/ http://seclists.org/fulldisclosure/2020/Jan/49 http://packetstormsecurity.com/files/156137/OpenBSD-OpenSMTPD-Privilege-Escalation-Code-Execution.html http://packetstormsecurity.com/files/156145/OpenSMTPD-6.6.2-Remote-Code-Execution.html http://packetstormsecurity.com/files/156249/OpenSMTPD-MAIL-FROM-Remote-Code-Execution.html http://packetstormsecurity.com/files/156295/OpenSMTPD-6.6.1-Local-Privilege-Escalation.html http://packetstormsecurity.com/files/162093/OpenBSD-OpenSMTPD-6.6-Remote-Code-Execution.html http://www.openwall.com/lists/oss-security/2020/01/28/3 https://usn.ubuntu.com/4268-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-8793 http://seclists.org/fulldisclosure/2020/Feb/28 https://www.openbsd.org/security.html http://www.openwall.com/lists/oss-security/2020/02/24/4 https://usn.ubuntu.com/4294-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-8794 Debian Security Information: DSA-4634 (Google Search) https://www.debian.org/security/2020/dsa-4634 http://seclists.org/fulldisclosure/2020/Feb/32 http://packetstormsecurity.com/files/156633/OpenSMTPD-Out-Of-Bounds-Read-Local-Privilege-Escalation.html https://www.openwall.com/lists/oss-security/2020/02/24/5 http://www.openwall.com/lists/oss-security/2020/02/26/1 http://www.openwall.com/lists/oss-security/2020/03/01/1 http://www.openwall.com/lists/oss-security/2020/03/01/2 http://www.openwall.com/lists/oss-security/2021/05/04/7
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.