CVE-2020-8793

MEDIUM

OpenSMTPD < 6.6.4 - Local Arbitrary File Read via Race Condition in makemap.c and smtpd.c

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-8793. PoCs published by Qualys Corporation.

AI-analyzed exploit summary: This exploit leverages a race condition in OpenSMTPD's offline queue processing to read arbitrary files by manipulating queue files and monitoring process execution. It requires local access and specific conditions to trigger the vulnerability.

Description

OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.

Exploits (1)

exploitdb WORKING POC
by Qualys Corporation · c · remote · linux
https://www.exploit-db.com/exploits/48139

Classification: Working Poc 95%
Attack Type: Info Leak
Complexity: Complex
Reliability: Racy
Target: OpenSMTPD 6.6.3
No auth needed
Prerequisites: Local access to the system · OpenSMTPD running with vulnerable configuration
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory x_refsource_misc
https://www.openbsd.org/security.html
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/02/24/4
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Feb/28
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4294-1/

Scores

CVSS v3 4.7
EPSS 0.0079
EPSS Percentile 74.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE CWE-367, CWE-426
Status published
Products (4)
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 19.10
fedoraproject/fedora 32
opensmtpd/opensmtpd < 6.6.4
Published Feb 25, 2020
Tracked Since Feb 18, 2026