RCE in OpenSMTPD library impacts BSD and Linux distros


Security researchers have discovered a vulnerability inside a core email-related library used by many BSD and Linux distributions. The vulnerability, tracked as CVE-2020-7247, impacts OpenSMTPD, an open-source implementation of the server-side SMTP protocol.

The library is normally included with distros that are designed to operate on servers, allowing the server to handle SMTP-related email messages and traffic. The OpenSMTPD library was initially developed for the OpenBSD operating system, but the library was open-sourced, and its “portable version” has also been incorporated into other OSes, such as FreeBSD, NetBSD, and some Linux distros, such as Debian, Fedora, Alpine Linux, and more.

[Source: ZDNet]