Vulnerability Name: | CVE-2020-7247 (CCN-175213)
Assigned: | 2020-01-29
Published: | 2020-01-29
Updated: | 2022-04-29
Summary: | smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
CVSS v3 Severity: | 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
9.1 Critical (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)
9.3 Critical (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C)
CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Vulnerability Type: | CWE-78 CWE-755
Vulnerability Consequences: | Gain Privileges
References: |
Source: MITRE Type: CNA CVE-2020-7247
Source: MISC Type: Exploit, Third Party Advisory, VDB Entry http://packetstormsecurity.com/files/156137/OpenBSD-OpenSMTPD-Privilege-Escalation-Code-Execution.html
Source: MISC Type: Third Party Advisory, VDB Entry http://packetstormsecurity.com/files/156145/OpenSMTPD-6.6.2-Remote-Code-Execution.html
Source: MISC Type: Exploit, Third Party Advisory, VDB Entry http://packetstormsecurity.com/files/156249/OpenSMTPD-MAIL-FROM-Remote-Code-Execution.html
Source: MISC Type: Exploit, Third Party Advisory, VDB Entry http://packetstormsecurity.com/files/156295/OpenSMTPD-6.6.1-Local-Privilege-Escalation.html
Source: MISC Type: Broken Link http://packetstormsecurity.com/files/162093/OpenBSD-OpenSMTPD-6.6-Remote-Code-Execution.html
Source: FULLDISC Type: Mailing List, Third Party Advisory 20200131 LPE and RCE in OpenSMTPD (CVE-2020-7247)
Source: CCN Type: US-CERT VU#390745 OpenSMTPD vulnerable to local privilege escalation and remote code execution
Source: MISC Type: Exploit, Mailing List, Third Party Advisory http://www.openwall.com/lists/oss-security/2020/01/28/3
Source: XF Type: UNKNOWN opensmtpd-cve20207247-priv-esc(175213)
Source: CONFIRM Type: Patch, Third Party Advisory https://github.com/openbsd/src/commit/9dcfda045474d8903224d175907bfc29761dcb45
Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2020-b92d7083ca
Source: CCN Type: Packet Storm Security [01-29-2020] OpenBSD OpenSMTPD Privilege Escalation / Code Execution
Source: CCN Type: Packet Storm Security [01-30-2020] OpenSMTPD 6.6.2 Remote Code Execution
Source: CCN Type: Packet Storm Security [02-07-2020] OpenSMTPD MAIL FROM Remote Code Execution
Source: CCN Type: Packet Storm Security [02-11-2020] OpenSMTPD 6.6.1 Local Privilege Escalation
Source: CCN Type: Packet Storm Security [04-06-2021] OpenBSD OpenSMTPD 6.6 Remote Code Execution
Source: CCN Type: BugTraq Mailing List, Mon, 27 Jan 2020 15:48:29 +0000 LPE and RCE in OpenSMTPD (CVE-2020-7247)
Source: BUGTRAQ Type: Mailing List, Third Party Advisory 20200129 [SECURITY] [DSA 4611-1] opensmtpd security update
Source: UBUNTU Type: Third Party Advisory USN-4268-1
Source: DEBIAN Type: Third Party Advisory DSA-4611
Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [01-30-2020]
Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [02-10-2020]
Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [02-11-2020]
Source: CERT-VN Type: Third Party Advisory, US Government Resource VU#390745
Source: CONFIRM Type: Patch, Vendor Advisory https://www.openbsd.org/security.html
Source: CCN Type: OpenSMTPD Web site OpenSMTPD
Source: CCN Type: WhiteSource Vulnerability Database CVE-2020-7247
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration 4: Configuration CCN 1: