{"id":13395,"date":"2020-02-27T22:06:22","date_gmt":"2020-02-27T21:06:22","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=13395"},"modified":"2022-01-12T08:19:30","modified_gmt":"2022-01-12T07:19:30","slug":"security-information-for-linux-and-exchange","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/02\/27\/security-information-for-linux-and-exchange\/","title":{"rendered":"Security information for Linux and Exchange"},"content":{"rendered":"

[German<\/a>]In this blog post I summarize some security information that has come to my attention in the last few hours. These are topics, for which I do not want to publish separate individual contributions in the blog. It is about a critical RCE bug in the Linux OpenBSD SMTP server. And there are details about the Exchange exploit CVE-2020-0688, which was patched recently.<\/p>\n

<\/p>\n

Linux: Critical RCE bug in OpenBSD SMTP server<\/h2>\n

Security researchers have discovered a new critical vulnerability in the OpenSMTPD email server (which has been in existence since 2015). An attacker could remotely exploit it to execute shell commands as root on the underlying operating system. <\/p>\n

\n

Qualys discloses new OpenSMTPD bug (CVE-2020-8794) exploit included: https:\/\/t.co\/O3Sk8NN6Dy<\/a> <\/p>\n

The previous one was they disclosed in January was exploited in the wild https:\/\/t.co\/y53tH1kmkl<\/a>https:\/\/t.co\/NN2wsHJZQY<\/a>https:\/\/t.co\/kV3sn36kfZ<\/a> <\/p>\n

\u2014 Catalin Cimpanu (@campuscodi) February 25, 2020<\/a><\/p>\n<\/blockquote>\n

Qualsys has described the vulnerability in this article<\/a> in plain language. Bleeping Computer has also published an article, which is a bit more readable, with details:   <\/p>\n

\n

New Critical RCE Bug in OpenBSD SMTP Server Threatens Linux Distros – by @Ionut_Ilascu<\/a>https:\/\/t.co\/rzfy1WElPU<\/a> <\/p>\n

\u2014 BleepingComputer (@BleepinComputer) February 25, 2020<\/a><\/p>\n<\/blockquote>\n

OpenSMTPD is available on many Unix-based systems, including FreeBSD, NetBSD, macOS, Linux (Alpine, Arch, Debian, Fedora, CentOS). <\/p>\n

Details about the Exchange exploit CVE-2020-0688<\/h2>\n

The Zero-Day Initiative has released details on the exploitation of the recently patched Microsoft Exchange vulnerability CVE-2020-0688. <\/p>\n

\n

Want to know how to exploit the recently patched #Microsoft<\/a> #Exchange<\/a> CVE-2020-0688? @hexkitchen<\/a> provides the details on how to take advantage of the fixed cryptographic keys used during installation. https:\/\/t.co\/N7fds4do5s<\/a> <\/p>\n

\u2014 Zero Day Initiative (@thezdi) February 25, 2020<\/a><\/p>\n<\/blockquote>\n

But it's only of interest to people who deal with such vulnerabilities. The rest simply patch their Exchange servers (see this Microsoft page<\/a>).<\/p>\n","protected":false},"excerpt":{"rendered":"

[German]In this blog post I summarize some security information that has come to my attention in the last few hours. These are topics, for which I do not want to publish separate individual contributions in the blog. It is about … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[921,11,580,2],"tags":[396,637,125,194],"class_list":["post-13395","post","type-post","status-publish","format-standard","hentry","category-linux","category-office","category-security","category-windows","tag-echange","tag-linux","tag-office","tag-windows"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/13395","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=13395"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/13395\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=13395"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=13395"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=13395"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}