Vulnerabilities > CVE-2020-7247 - Improper Handling of Exceptional Conditions vulnerability in multiple products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
openbsd
debian
fedoraproject
canonical
CWE-755
critical
nessus
exploit available
metasploit

Summary

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.

Exploit-Db

Metasploit

description: This module exploits a command injection in the MAIL FROM field during SMTP interaction with OpenSMTPD to execute a command as the root user.
id: MSF:EXPLOIT/UNIX/SMTP/OPENSMTPD_MAIL_FROM_RCE
last seen: 2020-06-12
modified: 2020-04-22
published: 2020-01-29
references:
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/unix/smtp/opensmtpd_mail_from_rce.rb
title: OpenSMTPD MAIL FROM Remote Code Execution

Nessus

  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-4268-1.NASL
    description: It was discovered that OpenSMTPD incorrectly verified the sender's or receiver's e-mail addresses under certain conditions. An attacker could use this vulnerability to execute arbitrary commands as root.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 133522
    published: 2020-02-06
    reporter: Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133522
    title: Ubuntu 18.04 LTS / 19.10 : OpenSMTPD vulnerability (USN-4268-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-4268-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set the plugin only declares its
    # metadata (ids, references, risk scores, dependencies) and exits at the end
    # of this block, so none of the host checks further down run on this path.
    if (description)
    {
      script_id(133522);
      script_version("1.3");
      script_cvs_date("Date: 2020/02/12");
    
      # Cross-references tying the plugin to the CVE and the vendor advisory.
      script_cve_id("CVE-2020-7247");
      script_xref(name:"USN", value:"4268-1");
    
      script_name(english:"Ubuntu 18.04 LTS / 19.10 : OpenSMTPD vulnerability (USN-4268-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that OpenSMTPD incorrectly verified the sender's or
    receiver's e-mail addresses under certain conditions. An attacker
    could use this vulnerability to execute arbitrary commands as root.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/4268-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected opensmtpd package."
      );
      # Base vectors (CVSS v2 and v3.0): reachable over the network, low
      # complexity, no authentication or privileges, full C/I/A impact.
      # Temporal vectors: functional exploit exists (E:F), official fix
      # available (RL:OF / RL:O), report confirmed (RC:C).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      # Exploit-availability flags; useful for prioritising remediation.
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'OpenSMTPD MAIL FROM Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      # Declared as a local check: the finding comes from package data on the
      # host, not from talking to the SMTP service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:opensmtpd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      # KB items the check reads later; presumably populated by the
      # ssh_get_info.nasl dependency during a credentialed scan -- confirm.
      # NOTE(review): "Host/local_checks_enabled" is tested at run time but is
      # not listed among the required keys here.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    # Credentialed package check for USN-4268-1. Each audit() below ends the
    # script with a reason code, so reaching the package comparison means local
    # checks are enabled, the release is 18.04 or 19.10, a dpkg listing exists
    # and the CPU is x86_64 or i386-i686.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    release = get_kb_item("Host/Ubuntu/release");
    if (isnull(release))
      audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);

    # Only the two releases named in the advisory are evaluated.
    if (!preg(pattern:"^(18\.04|19\.10)$", string:release))
      audit(AUDIT_OS_NOT, "Ubuntu 18.04 / 19.10", "Ubuntu " + release);

    if (!get_kb_item("Host/Debian/dpkg-l"))
      audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
      audit(AUDIT_UNKNOWN_ARCH);
    if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$"))
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

    # Both comparisons are always executed so the tested-package record that
    # ubuntu_pkg_tests_get() returns covers each release. The result is a
    # version comparison against the fixed build, not evidence of exploitation.
    hit_1804 = ubuntu_check(osver:"18.04", pkgname:"opensmtpd", pkgver:"6.0.3p1-1ubuntu0.1");
    hit_1910 = ubuntu_check(osver:"19.10", pkgname:"opensmtpd", pkgver:"6.0.3p1-6ubuntu0.1");

    if (!hit_1804 && !hit_1910)
    {
      # Distinguish "installed but already fixed" from "not installed at all".
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "opensmtpd");
    }
    else
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_08F5C27D432611EAAF8B00155D0A0200.NASL
    description: OpenSMTPD developers report: An incorrect check allows an attacker to trick mbox delivery into executing arbitrary commands as root and lmtp delivery into executing arbitrary commands as an unprivileged user.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 133327
    published: 2020-01-30
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133327
    title: FreeBSD : OpenSMTPd -- critical LPE / RCE vulnerability (08f5c27d-4326-11ea-af8b-00155d0a0200)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2020 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set the plugin only declares its
    # metadata (ids, references, risk scores, dependencies) and exits at the end
    # of this block, so the package test further down does not run on this path.
    if (description)
    {
      script_id(133327);
      script_version("1.5");
      script_cvs_date("Date: 2020/02/12");
    
      script_cve_id("CVE-2020-7247");
    
      script_name(english:"FreeBSD : OpenSMTPd -- critical LPE / RCE vulnerability (08f5c27d-4326-11ea-af8b-00155d0a0200)");
      script_summary(english:"Checks for updated package in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote FreeBSD host is missing a security-related update."
      );
      # The text below separates the two delivery paths: mbox delivery gives
      # command execution as root, lmtp delivery as an unprivileged user.
      script_set_attribute(
        attribute:"description", 
        value:
    "OpenSMTPD developers report :
    
    An incorrect check allows an attacker to trick mbox delivery into
    executing arbitrary commands as root and lmtp delivery into executing
    arbitrary commands as an unprivileged user"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.openwall.com/lists/oss-security/2020/01/28/3"
      );
      # https://vuxml.freebsd.org/freebsd/08f5c27d-4326-11ea-af8b-00155d0a0200.html
      # (presumably the target of the shortened nessus.org link that follows)
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a356904a"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      # Base vectors (CVSS v2 and v3.0): reachable over the network, low
      # complexity, no authentication or privileges, full C/I/A impact.
      # Temporal vectors: functional exploit exists (E:F), official fix
      # available (RL:OF / RL:O), report confirmed (RC:C).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-7247");
      # Exploit-availability flags; useful for prioritising remediation.
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'OpenSMTPD MAIL FROM Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      # Declared as a local check: the finding comes from package data on the
      # host, not from talking to the SMTP service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:opensmtpd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      # KB items the check reads later; presumably populated by the
      # ssh_get_info.nasl dependency during a credentialed scan -- confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    # Credentialed package check taken from the FreeBSD VuXML entry. Each
    # audit() ends the script with a reason code, so the package test only
    # runs when local checks are enabled and a FreeBSD release string and a
    # pkg_info listing are both present in the KB.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release"))
      audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info"))
      audit(AUDIT_PACKAGE_LIST_MISSING);

    # Affected range as written in the spec string: opensmtpd from 6.4.0,1 up
    # to, but not including, 6.6.2,1. This is a version comparison only; it
    # does not show that the service is reachable or was exploited.
    in_affected_range = pkg_test(save_report:TRUE, pkg:"opensmtpd>=6.4.0,1<6.6.2,1");

    if (!in_affected_range) audit(AUDIT_HOST_NOT, "affected");
    else
    {
      # Package details are attached only when report verbosity is above zero.
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-4611.NASL
    description: Qualys discovered that the OpenSMTPD SMTP server performed insufficient validation of email addresses which could result in the execution of arbitrary commands as root. In addition this update fixes a denial of service by triggering an opportunistic TLS downgrade.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 133326
    published: 2020-01-30
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133326
    title: Debian DSA-4611-1 : opensmtpd - security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-4611. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set the plugin only declares its
    # metadata (ids, references, risk scores, dependencies) and exits at the end
    # of this block, so the package checks further down do not run on this path.
    if (description)
    {
      script_id(133326);
      script_version("1.5");
      script_cvs_date("Date: 2020/02/13");
    
      # Cross-references tying the plugin to the CVE and the vendor advisory.
      script_cve_id("CVE-2020-7247");
      script_xref(name:"DSA", value:"4611");
    
      script_name(english:"Debian DSA-4611-1 : opensmtpd - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      # The advisory text covers two issues fixed by the same update: the
      # command execution and a denial of service tied to an opportunistic TLS
      # downgrade. Only the CVE registered above is referenced by this plugin.
      script_set_attribute(
        attribute:"description", 
        value:
    "Qualys discovered that the OpenSMTPD SMTP server performed
    insufficient validation of email addresses which could result in the
    execution of arbitrary commands as root. In addition this update fixes
    a denial of service by triggering an opportunistic TLS downgrade."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950121"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/source-package/opensmtpd"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2020/dsa-4611"
      );
      # The fixed versions named in the solution text are the same reference
      # versions the deb_check() calls later in this script compare against.
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the opensmtpd packages.
    
    For the oldstable distribution (stretch), these problems have been
    fixed in version 6.0.2p1-2+deb9u2.
    
    For the stable distribution (buster), these problems have been fixed
    in version 6.0.3p1-5+deb10u3. This update also includes non-security
    bugfixes which were already lined up for the Buster 10.3 point
    release."
      );
      # Base vectors (CVSS v2 and v3.0): reachable over the network, low
      # complexity, no authentication or privileges, full C/I/A impact.
      # Temporal vectors: functional exploit exists (E:F), official fix
      # available (RL:OF / RL:O), report confirmed (RC:C).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-7247");
      # Exploit-availability flags; useful for prioritising remediation.
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'OpenSMTPD MAIL FROM Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      # Declared as a local check: the finding comes from package data on the
      # host, not from talking to the SMTP service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:opensmtpd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:10.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      # KB items the check reads later; presumably populated by the
      # ssh_get_info.nasl dependency during a credentialed scan -- confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    # Credentialed package check for DSA-4611. Each audit() ends the script
    # with a reason code, so the comparisons only run when local checks are
    # enabled and a Debian release string and a dpkg listing are in the KB.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release"))
      audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l"))
      audit(AUDIT_PACKAGE_LIST_MISSING);

    # Both releases are always evaluated, each against its own fixed version.
    # The result is a version comparison, not evidence of exploitation.
    hit_deb10 = deb_check(release:"10.0", prefix:"opensmtpd", reference:"6.0.3p1-5+deb10u3");
    hit_deb9 = deb_check(release:"9.0", prefix:"opensmtpd", reference:"6.0.2p1-2+deb9u2");

    if (!hit_deb10 && !hit_deb9) audit(AUDIT_HOST_NOT, "affected");
    else
    {
      # Package details are attached only when report verbosity is above zero.
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    
  • NASL family: SMTP problems
    NASL id: OPENSMTPD_RCE_CVE-2020-7247.NASL
    description: A remote code execution vulnerability exists in OpenSMTPD due to unsanitized email inputs. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands with root privileges.
    last seen: 2020-03-18
    modified: 2020-02-14
    plugin id: 133717
    published: 2020-02-14
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133717
    title: OpenSMTPD Critical LPE / RCE Vulnerability Remote Check
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include('compat.inc');
    
    # Registration branch: when `description` is set the plugin only declares its
    # metadata (ids, references, risk scores, dependencies) and exits at the end
    # of this block, so the SMTP probe further down does not run on this path.
    if (description)
    {
      script_id(133717);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/14");
    
      script_cve_id("CVE-2020-7247");
    
      script_name(english:"OpenSMTPD Critical LPE / RCE Vulnerability Remote Check");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote mail server is affected by a LPE / RCE Vulnerability.");
      # NOTE(review): CVE-2020-7247 is described as command execution that
      # follows a failed sender-address validation; "bypass authentication" in
      # the text below is looser wording for the same unauthenticated issue.
      script_set_attribute(attribute:"description", value:
    "A remote code execution vulnerability exists in OpenSMTPD 
     due to unsanitized email inputs. An unauthenticated, 
     remote attacker can exploit this to bypass authentication 
     and execute arbitrary commands with root privileges.");
      script_set_attribute(attribute:"see_also", value:"https://www.openwall.com/lists/oss-security/2020/01/28/3");
      script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2020-7247");
      script_set_attribute(attribute:"see_also", value:"https://www.openbsd.org/errata66.html");
      script_set_attribute(attribute:"solution", value:
    "Update the affected opensmtpd package.");
      # Base vectors (CVSS v2 and v3.0): reachable over the network, low
      # complexity, no authentication or privileges, full C/I/A impact.
      # Temporal vectors: functional exploit exists (E:F), official fix
      # available (RL:OF / RL:O), report confirmed (RC:C).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-7247");
    
      # Exploit-availability flags; useful for prioritising remediation.
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'OpenSMTPD MAIL FROM Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/14");
    
      # Declared as a remote check: unlike the package-based plugins for this
      # CVE it needs no credentials and decides from the server's SMTP replies.
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:openbsd:opensmtpd");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"SMTP problems");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # Runs after service and SMTP-server detection; the probe later reads
      # the smtp/banner/<port> KB item, presumably set by these -- confirm.
      script_dependencies("find_service1.nasl", "smtpserver_detect.nasl");
      script_require_ports("Services/smtp", 25);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("smtp_func.inc");
    
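    # Remote, unauthenticated check for CVE-2020-7247.
    #
    # Flow: confirm the service identifies itself as OpenSMTPD, greet it, then
    # send one MAIL FROM whose address contains shell metacharacters and look at
    # the reply. A patched server is expected to refuse the address; a 250 reply
    # without an error/syntax message is reported as vulnerable.
    #
    # The script sends no RCPT TO and no DATA, so no message is ever submitted
    # for delivery; the verdict rests on the server's reply alone.
    port = get_service(svc:"smtp", default:25, exit_on_fail:TRUE);

    # Cheap pre-filter on the banner cached in the KB before opening a socket.
    banner = get_kb_item_or_exit("smtp/banner/" + port);
    if ("ESMTP OpenSMTPD" >!< banner) audit(AUDIT_NOT_LISTEN, "OpenSMTPD", port);

    soc = open_sock_tcp(port);
    if (!soc) audit(AUDIT_SOCK_FAIL, port);

    # Honour a per-port greeting delay recorded in the KB; default to 30.
    timeout = get_kb_item("smtp/"+port+"/greetpause");
    if (isnull(timeout)) timeout = 30;
    socket_set_timeout(socket:soc, timeout:timeout);

    # HELO name recorded for this port, falling back to 'nessus'.
    hostname = get_kb_item('smtp/'+ port + '/helo');
    if (!hostname) hostname = 'nessus';

    # Re-check the live banner: the cached one may be stale.
    banner = smtp_recv_line(socket:soc, code:"220");

    if ("OpenSMTPD" >!< banner)
    {
      close(soc);
      audit(AUDIT_NOT_LISTEN, "OpenSMTPD", port);
    }

    # Fix: the original looked up `hostname` but then sent a hard-coded
    # 'HELO nessus', ignoring the KB value. Use the resolved name.
    send(socket:soc, data:'HELO ' + hostname + '\r\n');
    var res = smtp_recv_line(socket:soc, code:"250");

    if (empty_or_null(res) || 'pleased to meet you' >!< res)
    {
      close(soc);
      exit(1, "The SMTP server on port " + port + " didn't respond to 'HELO'.");
    }

    send(socket:soc, data:'MAIL FROM:<;echo "This OpenSMTPD is Vulnerable to Command Insertion";>\r\n');
    res = smtp_recv_line(socket:soc, code:"250");

    # NOTE(review): this branch merges two outcomes -- no usable 250 reply
    # (timeout, or presumably any other reply code) and an explicit rejection
    # of the address -- and reports both through exit(1, ...) with a "not
    # vulnerable" message. A dropped connection is therefore logged the same
    # way as a patched server; treat that result as inconclusive.
    if (empty_or_null(res) || 'error' >< res || 'Error' >< res || 'syntax' >< res )
    {
      close(soc);
      exit(1, "The OpenSMTP server on port " + port + " did not accept email address, therefore, it is not vulnerable");
    }

    # NOTE(review): the positive verdict is a reply-text heuristic. Anything
    # in front of the server that answers 250 to every MAIL FROM (a relay or
    # filtering proxy showing an OpenSMTPD banner) would also land here, so
    # confirm against the installed package version before acting on it.
    close(soc);
    report =
      '\nNessus was able to confirm the vulnerability by sending a specially crafted MAIL FROM command to the remote smtp server.\n';
    security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);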
    

Packetstorm

Saint

description: OpenSMTPD MAIL FROM command injection
id: mail_smtp_opensmtpd
title: opensmtpd_mail_from
type: remote

The Hacker News

id: THN:FE11DF5FD21913ABB0A26444842D05EA
last seen: 2020-01-30
modified: 2020-01-30
published: 2020-01-30
reporter: The Hacker News
source: https://thehackernews.com/2020/01/openbsd-opensmtpd-hacking.html
title: Critical OpenSMTPD Bug Opens Linux and OpenBSD Mail Servers to Hackers