LPE and RCE in OpenSMTPD's Default Install (CVE-2020-8794) (Feb 24, 2020)
Qualys has released a security advisory for OpenSMTPD, the default mail server on OpenBSD, which is also packaged for many Linux distributions. The vulnerability is an out-of-bounds read that can lead to local privilege escalation (LPE) and remote code execution (RCE), and it has been assigned CVE-2020-8794. Qualys confirmed that the vulnerability is exploitable in the default installation on OpenBSD 6.6, OpenBSD 5.9, Debian 10, Debian 11, and Fedora 31. OpenSMTPD 6.6.4p1, released on February 24, 2020, contains the fix.
Recommendation: It is important that your company has patch-maintenance policies in place. Once a vulnerability has been publicly reported, threat actors will likely attempt to incorporate exploitation of it into their operations. Because this issue affects the default installation, any host with OpenSMTPD installed should be treated as in scope, not only systems designated as mail servers. Patches should be reviewed and applied as soon as possible to prevent potential malicious activity.
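As an added example (not part of the original advisory or of the OpenSMTPD project), the following Python script classifies an installed OpenSMTPD version against the 6.6.4p1 fix. It parses the upstream version out of either a bare release string or a distribution package version, and it flags distro-built packages below 6.6.4 for a changelog check rather than calling them vulnerable, since Debian and Fedora backport fixes without changing the upstream version number. The sample version strings, including the Debian- and Fedora-style package versions, are constructed for illustration and are not taken from any real package feed.

```python
import re
from typing import Optional, Tuple

# Upstream release that fixed CVE-2020-8794: OpenSMTPD 6.6.4p1 (2020-02-24).
FIXED_UPSTREAM = (6, 6, 4)

# major.minor.patch with an optional portable-release suffix such as "p1".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_upstream(version: str) -> Optional[Tuple[int, int, int, int]]:
    """Extract the upstream OpenSMTPD version from a version string.

    Accepts bare upstream strings ("6.6.4p1"), a daemon banner line that
    embeds one, or a distro package version ("6.0.3p1-5+deb10u4").  The
    portable suffix "pN" becomes a fourth component (0 when absent).
    Returns None if no version-like token is present.
    """
    m = _VERSION_RE.search(version)
    if not m:
        return None
    major, minor, patch, portable = m.groups()
    return (int(major), int(minor), int(patch), int(portable or 0))


def assess(version: str) -> str:
    """Classify a host's OpenSMTPD version against the 6.6.4 fix.

    Returns one of:
      "unknown"          no version could be parsed
      "fixed"            upstream version is 6.6.4 or later
      "vulnerable"       upstream version is older and the string carries no
                         distribution revision, so no backport is indicated
      "check-changelog"  upstream version is older but a distribution
                         revision ("-5+deb10u4", "-1.fc31") follows it, so
                         the fix may have been backported; consult the
                         package changelog before concluding either way
    """
    parsed = parse_upstream(version)
    if parsed is None:
        return "unknown"
    if parsed[:3] >= FIXED_UPSTREAM:
        return "fixed"
    # A "-<revision>" directly after the upstream version marks a distro build.
    if re.search(r"\d+(?:p\d+)?-\S+", version):
        return "check-changelog"
    return "vulnerable"


if __name__ == "__main__":
    # Constructed sample inputs, not real package data.
    samples = [
        "6.6.4p1",                      # upstream fixed release
        "6.6.3p1",                      # upstream, pre-fix
        "6.0.3p1-5+deb10u4",            # Debian-style package version
        "opensmtpd-6.6.4p1-1.fc31",     # Fedora-style package NVR
        "not-a-version",
    ]
    for s in samples:
        print(f"{s:32} -> {assess(s)}")
```

Run it on the version string reported by the package manager of each host (for example from `dpkg -s opensmtpd` or `rpm -q opensmtpd`; how to obtain the string is left to the operator and is an assumption here). A "check-changelog" result is deliberately not "fixed": only the distribution's changelog or advisory confirms that CVE-2020-8794 was backported into that package revision.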
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.