smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
07 Nov 2023, 03:25
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
29 Apr 2022, 13:24
Type | Values Removed | Values Added |
---|---|---|
References | (FULLDISC) http://seclists.org/fulldisclosure/2020/Jan/49 - Mailing List, Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/162093/OpenBSD-OpenSMTPD-6.6-Remote-Code-Execution.html - Broken Link | |
References | (CERT-VN) https://www.kb.cert.org/vuls/id/390745 - Third Party Advisory, US Government Resource | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/ - Mailing List, Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4268-1/ - Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/156295/OpenSMTPD-6.6.1-Local-Privilege-Escalation.html - Exploit, Third Party Advisory, VDB Entry | |
References | (BUGTRAQ) https://seclists.org/bugtraq/2020/Jan/51 - Mailing List, Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/156249/OpenSMTPD-MAIL-FROM-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry | |
References | (MISC) http://packetstormsecurity.com/files/156145/OpenSMTPD-6.6.2-Remote-Code-Execution.html - Third Party Advisory, VDB Entry | |
CWE | CWE-78 CWE-755 |
|
CPE | cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:* |
|
First Time |
Canonical ubuntu Linux
Canonical Fedoraproject fedora Fedoraproject |
06 Apr 2021, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-01-29 16:15
Updated : 2023-12-10 13:13
NVD link : CVE-2020-7247
Mitre link : CVE-2020-7247
CVE.ORG link : CVE-2020-7247
JSON object : View
Products Affected
canonical
- ubuntu_linux
debian
- debian_linux
openbsd
- opensmtpd
fedoraproject
- fedora