CVEブラウザに戻る

CVE-2020-8794

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1150%

EPSS Percentile25.79th

Published2020年2月25日

Last Modified2024年11月21日

Vulnerability Description

OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.

Affected Platforms (CPE)

📦

Opensmtpd

Opensmtpd

< 6.6.4

💻

Canonical

Ubuntu Linux

= 18.04

💻

Canonical

Ubuntu Linux

= 19.10

💻

Fedoraproject

Fedora

= 31

💻

Fedoraproject

Fedora

= 32

💻

Debian

Debian Linux

= 9.0

💻

Debian

Debian Linux

= 10.0

References & Advisories

🔗 http://packetstormsecurity.com/files/156633/OpenSMTPD-Out-Of-Bounds-Read-Local-Privilege-Escalation.html

🔗 http://seclists.org/fulldisclosure/2020/Feb/32

🔗 http://www.openwall.com/lists/oss-security/2020/02/26/1

🔗 http://www.openwall.com/lists/oss-security/2020/03/01/1

🔗 http://www.openwall.com/lists/oss-security/2020/03/01/2

🔗 http://www.openwall.com/lists/oss-security/2021/05/04/7

🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/

🔗 https://usn.ubuntu.com/4294-1/

関連する脆弱性情報

CVE-2020-72479.8

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute ar...

CVE-2015-76879.8

Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arb...

CVE-2020-356807.5

smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (N...

CVE-2020-356797.5

smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" mem...