Comprehensive software reviews to make better IT decisions
Qualys Discovers Critical Flaw With OpenBSD Mail Server, Multiple Programs Vulnerable
This week Qualys Research Labs, a vulnerability management provider, disclosed a vulnerability in OpenSMTPD, the mail server developed as part of the OpenBSD project. This flaw – identified as – allows a remote attacker to execute arbitrary shell commands as root. OpenSMTPD is also packaged for FreeBSD and for Linux distributions such as Debian, Fedora, and Alpine. Although it was discovered only recently, Qualys traced the bug to a change made in May 2018. The command an attacker can inject is subject to length and character restrictions, which Qualys worked around with a technique borrowed from the 1988 Morris Worm.
Using the Morris Worm technique, Qualys bypassed those restrictions by having the body of the mail executed as a shell script, so the injected fragment only needs to start a shell that reads the rest of the message. The key finding from Qualys Research Labs was that the technical expertise required for a successful attack is low. Once the flaw was found, Qualys worked with the OpenSMTPD developers so that the disclosure and the patch were released together. It is not known whether the vulnerability was exploited before the fix became available.
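Because it is unknown whether the flaw was exploited in the wild, a practitioner will want a way to look back through captured SMTP sessions. The page does not describe the injection vector; Qualys's advisory identifies it as the envelope sender address (the argument to MAIL FROM), and the script below builds on that. It is an added example, not Qualys's or OpenSMTPD's code: it flags MAIL FROM arguments that are not syntactically valid addresses, which is the shape any command fragment smuggled through the sender would take. The session transcript and every address in it are constructed for illustration; the null reverse-path `<>` is deliberately left alone because bounces use it legitimately.

```python
import re
from typing import List, Optional, Tuple

# RFC 5321 "atext": the characters a dot-atom local part may contain.
ATEXT = set(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
    "!#$%&'*+-/=?^_`{|}~"
)

MAIL_FROM_RE = re.compile(r"MAIL\s+FROM:\s*<([^>]*)>", re.IGNORECASE)
# One DNS label: alphanumerics and hyphens, no leading/trailing hyphen, max 63 chars.
DOMAIN_LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def envelope_sender(line: str) -> Optional[str]:
    """Return the reverse-path inside a MAIL FROM command, or None for any other line."""
    m = MAIL_FROM_RE.search(line)
    return m.group(1) if m else None


def valid_local_part(local: str) -> bool:
    """Dot-atom check: non-empty, atext characters only, no leading/trailing/double dots.
    Quoted-string local parts are treated as invalid here (simplifying assumption)."""
    if not local or local.startswith(".") or local.endswith(".") or ".." in local:
        return False
    return all(c in ATEXT for c in local)


def valid_domain_part(domain: str) -> bool:
    """Every dot-separated label must be a syntactically valid DNS label."""
    return all(DOMAIN_LABEL_RE.match(label) for label in domain.split("."))


def sender_problems(reverse_path: str) -> List[str]:
    """Reasons an envelope sender looks like injected data rather than an address."""
    if reverse_path == "":  # null reverse-path: legitimate for bounce messages
        return []
    local, sep, domain = reverse_path.rpartition("@")
    problems: List[str] = []
    if not sep:
        problems.append("no @ / empty domain")
        local = reverse_path
    elif not valid_domain_part(domain):
        problems.append("invalid domain part")
    if not valid_local_part(local):
        problems.append("invalid local part characters")
    return problems


def scan_transcript(lines) -> List[Tuple[int, str, List[str]]]:
    """Return (line number, reverse-path, problems) for every suspicious MAIL FROM."""
    hits = []
    for n, line in enumerate(lines, 1):
        addr = envelope_sender(line)
        if addr is None:
            continue
        probs = sender_problems(addr)
        if probs:
            hits.append((n, addr, probs))
    return hits


# Constructed sample session, not a real capture.
SAMPLE_SESSION = [
    "S: 220 mx.example.org ESMTP",
    "C: HELO client.example.net",
    "C: MAIL FROM:<alice@example.org>",
    "C: RCPT TO:<bob@example.org>",
    "C: MAIL FROM:<>",
    "C: MAIL FROM:<;id;>",
    "C: MAIL FROM:<eve@bad_host>",
]

if __name__ == "__main__":
    for n, addr, probs in scan_transcript(SAMPLE_SESSION):
        print(f"line {n}: MAIL FROM:<{addr}> -> {', '.join(probs)}")
```

Run against a real capture by feeding the client lines of each session to `scan_transcript`. The check is syntactic on purpose: a sender that is not a valid address is the precondition for this class of bug, whatever command it carries, so the filter does not depend on knowing the attacker's payload.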
Our Take
Anyone running OpenSMTPD, whether on OpenBSD or on a Linux distribution, should patch immediately. The OpenSMTPD development team prepared a patch that is available both on and . While OpenBSD and Linux hold a smaller share of the overall market, both are common in business server operations. Furthermore, it is unknown . Any system running an unpatched OpenSMTPD, on OpenBSD or on Linux, is potentially exposed, so if you operate one you should remediate immediately. Companies such as IBM, Google, and Amazon, among others, run certain systems and servers on Linux distributions.