OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "binary_name": "opensmtpd", "binary_version": "5.7.3p2-1ubuntu0.1~esm2" }, { "binary_name": "opensmtpd-dbgsym", "binary_version": "5.7.3p2-1ubuntu0.1~esm2" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_name": "opensmtpd", "binary_version": "6.0.3p1-1ubuntu0.2" }, { "binary_name": "opensmtpd-dbgsym", "binary_version": "6.0.3p1-1ubuntu0.2" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_name": "opensmtpd", "binary_version": "6.6.4p1-1" }, { "binary_name": "opensmtpd-dbgsym", "binary_version": "6.6.4p1-1" } ] }