PublicDateAtUSN: 2020-02-25 17:15:00 UTC
Candidate: CVE-2020-8793
PublicDate: 2020-02-25 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8793
 https://ubuntu.com/security/notices/USN-4294-1
Description:
 OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.
Ubuntu-Description:
Notes:
Mitigation:
 Ubuntu ships with /proc/sys/fs/protected_hardlinks enabled by default, making this vulnerability not exploitable.
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N [4.7 MEDIUM]

Tags_opensmtpd: hardlink-restriction
Patches_opensmtpd:
upstream_opensmtpd: needs-triage
precise/esm_opensmtpd: DNE
trusty_opensmtpd: ignored (out of standard support)
trusty/esm_opensmtpd: DNE
xenial_opensmtpd: ignored (end of standard support, was needed)
bionic_opensmtpd: released (6.0.3p1-1ubuntu0.2)
eoan_opensmtpd: released (6.0.3p1-6ubuntu0.2)
focal_opensmtpd: released (6.6.4p1-1)
groovy_opensmtpd: released (6.6.4p1-1)
hirsute_opensmtpd: released (6.6.4p1-1)
impish_opensmtpd: released (6.6.4p1-1)
jammy_opensmtpd: released (6.6.4p1-1)
devel_opensmtpd: released (6.6.4p1-1)