Security information for Linux and Exchange

[German]In this blog post I summarize some security information that has come to my attention in the last few hours. These are topics, for which I do not want to publish separate individual contributions in the blog. It is about a critical RCE bug in the Linux OpenBSD SMTP server. And there are details about the Exchange exploit CVE-2020-0688, which was patched recently.

Linux: Critical RCE bug in OpenBSD SMTP server

Security researchers have discovered a new critical vulnerability in the OpenSMTPD email server (which has been in existence since 2015). An attacker could remotely exploit it to execute shell commands as root on the underlying operating system.

Qualys discloses new OpenSMTPD bug (CVE-2020-8794) exploit included: https://t.co/O3Sk8NN6Dy

The previous one was they disclosed in January was exploited in the wild https://t.co/y53tH1kmklhttps://t.co/NN2wsHJZQYhttps://t.co/kV3sn36kfZ

— Catalin Cimpanu (@campuscodi) February 25, 2020

Qualsys has described the vulnerability in this article in plain language. Bleeping Computer has also published an article, which is a bit more readable, with details:  

New Critical RCE Bug in OpenBSD SMTP Server Threatens Linux Distros – by @Ionut_Ilascuhttps://t.co/rzfy1WElPU

— BleepingComputer (@BleepinComputer) February 25, 2020

OpenSMTPD is available on many Unix-based systems, including FreeBSD, NetBSD, macOS, Linux (Alpine, Arch, Debian, Fedora, CentOS).

Details about the Exchange exploit CVE-2020-0688

The Zero-Day Initiative has released details on the exploitation of the recently patched Microsoft Exchange vulnerability CVE-2020-0688.

Want to know how to exploit the recently patched #Microsoft #Exchange CVE-2020-0688? @hexkitchen provides the details on how to take advantage of the fixed cryptographic keys used during installation. https://t.co/N7fds4do5s

— Zero Day Initiative (@thezdi) February 25, 2020

But it's only of interest to people who deal with such vulnerabilities. The rest simply patch their Exchange servers (see this Microsoft page).

This entry was posted in Linux, Office, Security, Windows and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *