CVE-2020-8793
PUBLISHED
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.
Risk Scores
EPSS Score: 0.79% (74.2th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | opensmtpd | 6.6.1p1-3, 6.6.1p1-1, 6.0.3p1-6build1 |
| Ubuntu:18.04:LTS | opensmtpd | 0, 6.0.2p1-2build1, 6.0.3p1-1 |
| Ubuntu:Pro:16.04:LTS | opensmtpd | 0, 5.7.3p2-1ubuntu0.1~esm1, 5.7.3p2-1 |
| Ubuntu:Pro:14.04:LTS | opensmtpd | *, 5.4.1p1-1, 0 |
Exploit Intelligence
- http://www.openwall.com/lists/oss-security/2020/02/24/4 (nist-nvd)
- https://www.openbsd.org/security.html (circl)
- 20200227 Local information disclosure in OpenSMTPD (CVE-2020-8793) (circl)
- FEDORA-2020-b92d7083ca (circl)
- USN-4294-1 (circl)
- OpenSMTPD 6.6.3 - Arbitrary File Read Exploit (0day-today)
Timeline
- Feb 25, 2020 CVE Published
- Feb 26, 2020 PoC Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-8793 third-party-advisory
- https://ubuntu.com/security/notices/USN-4294-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4875-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-8793 third-party-advisory