Hi @ll,
since Microsoft Server 2003 R2, Microsoft dares to ship and install the
abomination known as .NET Framework with every new version of Windows.
Among other components current versions of Windows and .NET Framework
include
C# compiler (C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe,
Qualys Security Advisory
Local information disclosure in OpenSMTPD (CVE-2020-8793)
==
Contents
==
Summary
Analysis
Exploitation
POKE 47196, 20
Qualys Security Advisory
LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)
==
Contents
==
Summary
Analysis
...
Acknowledgments
===
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4633-1 secur...@debian.org
https://www.debian.org/security/ Alessandro Ghedini
February 22, 2020
I've quoted the Cisco summary below as it's pretty accurate.
tl;dr is an admin user on the web console can gain command execution
and then escalate to root. If this is an issue in your environment,
then please patch.
Thanks to Cisco PSIRT who were responsive and professional.
Shouts to Andrew, D