ID CVE-2020-7247
Summary smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
References
Vulnerable Configurations
  • cpe:2.3:a:openbsd:opensmtpd:6.6:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:opensmtpd:6.6:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 31-01-2020 - 23:15)
Impact:
Exploitability:
CWE CWE-252
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bugtraq 20200129 [SECURITY] [DSA 4611-1] opensmtpd security update
cert-vn VU#390745
confirm
debian DSA-4611
fedora FEDORA-2020-b92d7083ca
fulldisc 20200131 LPE and RCE in OpenSMTPD (CVE-2020-7247)
misc
ubuntu USN-4268-1
saint via4
description OpenSMTPD MAIL FROM command injection
id mail_smtp_opensmtpd
title opensmtpd_mail_from
type remote
Last major update 31-01-2020 - 23:15
Published 29-01-2020 - 16:15
Last modified 31-01-2020 - 23:15
Back to Top