| Title | LPE and RCE in OpenSMTPD |
|---|
| Description | We discovered a vulnerability in OpenSMTPD, OpenBSD's mail server. This vulnerability is exploitable since May 2018 (commit a8e222352f, "switch smtpd to new grammar") and allows an attacker to execute arbitrary shell commands, as root:
- either locally, in OpenSMTPD's default configuration (which listens on the loopback interface and only accepts mail from localhost);
- or locally and remotely, in OpenSMTPD's "uncommented" default configuration (which listens on all interfaces and accepts external mail).
CVE-2020-7247
Proof of Concept Exploit available |
|---|
| Source | ⚠️ https://www.openwall.com/lists/oss-security/2020/01/28/3 |
|---|
| User | misc (UID 3) |
|---|
| Submission | 01/29/2020 09:43 (6 years ago) |
|---|
| Moderation | 08/10/2020 10:38 (6 months later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 149547 [OpenSMTPD 6.6 SMTP Session smtp_session.c MAIL FROM return value] |
|---|
| Points | 19 |
|---|