CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2020-7247

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score33.4850%
EPSS Percentile88.23th
Published2020年1月29日
Last Modified2025年11月7日

Vulnerability Description

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.

Affected Platforms (CPE)

📦
Openbsd

Opensmtpd

= 6.6
💻
Debian

Debian Linux

= 9.0
💻
Debian

Debian Linux

= 10.0
💻
Fedoraproject

Fedora

= 32
💻
Canonical

Ubuntu Linux

= 18.04
💻
Canonical

Ubuntu Linux

= 19.10

References & Advisories

🔗 http://packetstormsecurity.com/files/156137/OpenBSD-OpenSMTPD-Privilege-Escalation-Code-Execution.html
🔗 http://packetstormsecurity.com/files/156145/OpenSMTPD-6.6.2-Remote-Code-Execution.html
🔗 http://packetstormsecurity.com/files/156249/OpenSMTPD-MAIL-FROM-Remote-Code-Execution.html
🔗 http://packetstormsecurity.com/files/156295/OpenSMTPD-6.6.1-Local-Privilege-Escalation.html
🔗 http://packetstormsecurity.com/files/162093/OpenBSD-OpenSMTPD-6.6-Remote-Code-Execution.html
🔗 http://seclists.org/fulldisclosure/2020/Jan/49
🔗 http://www.openwall.com/lists/oss-security/2020/01/28/3
🔗 https://github.com/openbsd/src/commit/9dcfda045474d8903224d175907bfc29761dcb45

相關漏洞威脅

CVE-2020-87949.8

OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line rep...

CVE-2015-76879.8

Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arb...

CVE-2020-356807.5

smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (N...

CVE-2020-356797.5

smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" mem...