VDB
CVE-2020-7247
PUBLISHED
KEV
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
EPSS 94.11% · 99.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:16.04:LTS | opensmtpd | 5.4.2p1-4, 0, 5.7.3p2-1 |
| Ubuntu:Pro:14.04:LTS | opensmtpd | 5.4.1p1-1, 0, 5.3.3p1-4 |
| Ubuntu:18.04:LTS | opensmtpd | 6.0.3p1-1, 6.0.2p1-2build1, 0 |
Timeline
- Jan 29, 2020 PoC Published
- Jan 29, 2020 CVE Published
- Jan 30, 2020 PoC Published
- Jan 30, 2020 PoC Published
- Feb 7, 2020 PoC Published
- Feb 10, 2020 PoC Published
- Feb 10, 2020 PoC Published
- Feb 11, 2020 PoC Published
- Feb 11, 2020 PoC Published
- Feb 17, 2021 PoC Published
- Apr 7, 2021 PoC Published
- Apr 14, 2021 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-7247 third-party-advisory
- https://www.openwall.com/lists/oss-security/2020/01/28/3 third-party-advisory
- https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/019_smtpd_exec.patch.sig third-party-advisory
- https://github.com/OpenSMTPD/OpenSMTPD/commit/be6ef06cba9484d008d9f057e6b25d863cf278ff third-party-advisory
- http://packetstormsecurity.com/files/156137/OpenBSD-OpenSMTPD-Privilege-Escalation-Code-Execution.html third-party-advisory
- http://packetstormsecurity.com/files/156145/OpenSMTPD-6.6.2-Remote-Code-Execution.html third-party-advisory
- http://www.openwall.com/lists/oss-security/2020/01/28/3 third-party-advisory
- https://seclists.org/bugtraq/2020/Jan/51 third-party-advisory
- https://www.debian.org/security/2020/dsa-4611 third-party-advisory
- https://www.kb.cert.org/vuls/id/390745 third-party-advisory
- https://www.openbsd.org/security.html third-party-advisory
- https://ubuntu.com/security/notices/USN-4268-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-7247 third-party-advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog third-party-advisory
- https://ubuntu.com/security/notices/USN-4875-1 vendor-advisory