PT-2020-20283 · Openbsd+1 · Opensmtpd+1

Published: 2020-02-25 · Updated: 2022-01-01 · CVE-2020-8793

CVSS v3.1: 4.7 (Medium)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

OpenSMTPD versions prior to 6.6.4

Description

The issue allows local users to read arbitrary files due to a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c. This can be particularly problematic on some Linux distributions.

Recommendations

For versions prior to 6.6.4, update to version 6.6.4 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files that could be read through this vulnerability until the update is applied.

Exploit

Fix

Time Of Check To Time Of Use

Untrusted Search Path

Weakness Enumeration

Related Identifiers

CVE-2020-8793
USN-4294-1
USN-4875-1

Affected Products

Opensmtpd
Ubuntu