CVE-2020-7247

Name
CVE-2020-7247
Description
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Patch https://github.com/openbsd/src/commit/9dcfda045474d8903224d175907bfc29761dcb45
Exploit http://www.openwall.com/lists/oss-security/2020/01/28/3
Patch https://www.openbsd.org/security.html
Exploit http://packetstormsecurity.com/files/156137/OpenBSD-OpenSMTPD-Privilege-Escalation-Code-Execution.html
Third Party Advisory https://seclists.org/bugtraq/2020/Jan/51
Third Party Advisory https://www.debian.org/security/2020/dsa-4611
Third Party Advisory http://packetstormsecurity.com/files/156145/OpenSMTPD-6.6.2-Remote-Code-Execution.html
CERT-VN https://www.kb.cert.org/vuls/id/390745
FULLDISC http://seclists.org/fulldisclosure/2020/Jan/49
MISC http://packetstormsecurity.com/files/156249/OpenSMTPD-MAIL-FROM-Remote-Code-Execution.html
MISC http://packetstormsecurity.com/files/156295/OpenSMTPD-6.6.1-Local-Privilege-Escalation.html
UBUNTU https://usn.ubuntu.com/4268-1/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/
MISC http://packetstormsecurity.com/files/162093/OpenBSD-OpenSMTPD-6.6-Remote-Code-Execution.html
Mailing List https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/
134c704f-9b21-4f2e-91b3-4a467353bcc0 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-7247

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:openbsd:opensmtpd:6.6:*:*:*:*:*:*:* opensmtpd == None == 6.6

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
opensmtpd edge-main 6.6.2p1-r0 None fixed
opensmtpd edge-community 6.6.2p1-r0 None fixed
opensmtpd 3.22-community 6.6.2p1-r0 None fixed
opensmtpd 3.21-community 6.6.2p1-r0 None fixed
opensmtpd 3.20-community 6.6.2p1-r0 None fixed
opensmtpd 3.19-community 6.6.2p1-r0 None fixed
opensmtpd 3.18-community 6.6.2p1-r0 None fixed
opensmtpd 3.17-main 6.6.2p1-r0 None fixed
opensmtpd 3.17-community 6.6.2p1-r0 None fixed
opensmtpd 3.12-main 6.6.2p1-r0 None fixed
opensmtpd 3.11-main 6.6.2p1-r0 None fixed