SB2020122905 - Multiple vulnerabilities in OpenSMTPD
Published: December 29, 2020
Description
This security bulletin contains information about 2 security vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2020-35680)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in smtpd/lka_filter.c in certain configurations. A remote attacker can trigger denial of service conditions via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer.
2) Memory leak (CVE-ID: CVE-2020-35679)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack on the target system.
The vulnerability exists due to a memory leak in smtpd/table.c when processing messages. A remote attacker can send a specially crafted message and trigger the daemon to perform multiple regex lookups, which in turn will leak memory.
Remediation
Install the update from the vendor's website.
References
- https://github.com/openbsd/src/commit/6c3220444ed06b5796dedfd53a0f4becd903c0d1
- https://poolp.org/posts/2020-12-24/december-2020-opensmtpd-6.8.0p1-released-fixed-several-bugs-proposed-several-diffs-book-is-on-github/
- https://www.mail-archive.com/misc@opensmtpd.org/msg05188.html
- https://github.com/openbsd/src/commit/79a034b4aed29e965f45a13409268290c9910043