[German]In this blog post I summarize some security information that has come to my attention in the last few hours. These are topics, for which I do not want to publish separate individual contributions in the blog. It is about a critical RCE bug in the Linux OpenBSD SMTP server. And there are details about the Exchange exploit CVE-2020-0688, which was patched recently.
Linux: Critical RCE bug in OpenBSD SMTP server
Security researchers have discovered a new critical vulnerability in the OpenSMTPD email server (which has been in existence since 2015). An attacker could remotely exploit it to execute shell commands as root on the underlying operating system.
Qualys discloses new OpenSMTPD bug (CVE-2020-8794) exploit included: https://t.co/O3Sk8NN6Dy
The previous one was they disclosed in January was exploited in the wild https://t.co/y53tH1kmklhttps://t.co/NN2wsHJZQYhttps://t.co/kV3sn36kfZ
— Catalin Cimpanu (@campuscodi) February 25, 2020
Qualsys has described the vulnerability in this article in plain language. Bleeping Computer has also published an article, which is a bit more readable, with details:
New Critical RCE Bug in OpenBSD SMTP Server Threatens Linux Distros – by @Ionut_Ilascuhttps://t.co/rzfy1WElPU
— BleepingComputer (@BleepinComputer) February 25, 2020
OpenSMTPD is available on many Unix-based systems, including FreeBSD, NetBSD, macOS, Linux (Alpine, Arch, Debian, Fedora, CentOS).
Details about the Exchange exploit CVE-2020-0688
The Zero-Day Initiative has released details on the exploitation of the recently patched Microsoft Exchange vulnerability CVE-2020-0688.
Want to know how to exploit the recently patched #Microsoft #Exchange CVE-2020-0688? @hexkitchen provides the details on how to take advantage of the fixed cryptographic keys used during installation. https://t.co/N7fds4do5s
— Zero Day Initiative (@thezdi) February 25, 2020
But it's only of interest to people who deal with such vulnerabilities. The rest simply patch their Exchange servers (see this Microsoft page).