Arch Linux Security Advisory ASA-201510-5
=========================================
Severity: Critical
Date    : 2015-10-08
CVE-ID  : CVE-2015-7687
Package : opensmtpd
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
=======
The package opensmtpd before version 5.7.3p1-1 is vulnerable to multiple
issues including but not limited to arbitrary code execution, denial of
service and information disclosure.

Resolution
==========
Upgrade to 5.7.3p1-1.

# pacman -Syu "opensmtpd>=5.7.3p1-1"

The problems have been fixed upstream in version 5.7.3p1.

Workaround
==========
None.

Description
===========
- an oversight in the portable version of fgetln() that allows attackers
  to read and write out-of-bounds memory

- multiple denial-of-service vulnerabilities that allow local users to
  kill or hang OpenSMTPD

- a stack-based buffer overflow that allows local users to crash
  OpenSMTPD, or execute arbitrary code as the non-chrooted _smtpd user

- a hardlink attack (or race-conditioned symlink attack) that allows
  local users to unset the chflags() of arbitrary files

- a hardlink attack that allows local users to read the first line of
  arbitrary files (for example, root's hash from /etc/master.passwd)

- a denial-of-service vulnerability that allows remote attackers to fill
  OpenSMTPD's queue or mailbox hard-disk partition

- an out-of-bounds memory read that allows remote attackers to crash
  OpenSMTPD, or leak information and defeat the ASLR protection

- a use-after-free vulnerability that allows remote attackers to crash
  OpenSMTPD, or execute arbitrary code as the non-chrooted _smtpd user

- an mda buffer truncation bug that allows a user to create forward
  files that pass session checks but fail delivery later down the chain,
  within the user mda

- a remote buffer overflow in the unprivileged pony process

- offline enqueue has been reworked to better protect against hardlink
  attacks
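
The hardlink and symlink items above share one root cause: a privileged process opens a path that a local user can plant. The following C code is an added example of the usual defensive check, not OpenSMTPD's code or its actual fix; `open_untrusted_file` and `demo_accept_mask` are hypothetical names, and the files it creates are constructed test data.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not OpenSMTPD code): open a file found in a
 * directory local users can write to. Returns an fd, or -1 with errno set. */
int open_untrusted_file(const char *path, uid_t owner)
{
    struct stat sb;
    /* O_NOFOLLOW: fail (ELOOP) if the last path component is a symlink.
     * O_NONBLOCK: do not hang on a FIFO planted in place of the file. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd == -1)
        return -1;
    /* fstat() the descriptor, not the path: the checks then apply to the
     * object actually opened and cannot be raced by a rename. */
    if (fstat(fd, &sb) == 0 && S_ISREG(sb.st_mode) &&
        sb.st_nlink == 1 &&      /* a second name may be a hardlink to a victim file */
        sb.st_uid == owner)      /* file must belong to the expected user */
        return fd;
    close(fd);
    errno = EPERM;
    return -1;
}

/* Constructed self-check: bit 0 = plain file accepted, bit 1 = symlink
 * accepted, bit 2 = hardlinked file accepted. A safe result is 1. */
int demo_accept_mask(void)
{
    char dir[] = "/tmp/asa-demo-XXXXXX", f[64], s[64], h[64];
    int mask = 0, fd;
    uid_t me = geteuid();
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(f, sizeof f, "%s/file", dir);
    snprintf(s, sizeof s, "%s/sym", dir);
    snprintf(h, sizeof h, "%s/hard", dir);
    if ((fd = open(f, O_CREAT | O_WRONLY, 0600)) == -1) return -1;
    close(fd);
    if ((fd = open_untrusted_file(f, me)) != -1) { mask |= 1; close(fd); }
    if (symlink(f, s) == -1) return -1;
    if ((fd = open_untrusted_file(s, me)) != -1) { mask |= 2; close(fd); }
    if (link(f, h) == -1) return -1;
    if ((fd = open_untrusted_file(h, me)) != -1) { mask |= 4; close(fd); }
    unlink(h); unlink(s); unlink(f); rmdir(dir);
    return mask;
}
int main(void) { printf("accept mask: %d\n", demo_accept_mask()); return 0; }
```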

Impact
======
A remote attacker is able to execute arbitrary code, crash the process
to perform a denial of service attack, read arbitrary memory to disclose
information and defeat ASLR or have other unspecified impact via various
vectors.

References
==========
https://access.redhat.com/security/cve/CVE-2015-7687
https://www.opensmtpd.org/announces/release-5.7.2.txt
https://www.opensmtpd.org/announces/release-5.7.3.txt
https://seclists.org/oss-sec/2015/q4/17
https://bugs.archlinux.org/task/46605
