
CVE-2020-8794

Published: 25/02/2020 Updated: 07/11/2023
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

OpenSMTPD prior to 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.

Vulnerable Product

opensmtpd opensmtpd

canonical ubuntu linux 18.04

canonical ubuntu linux 19.10

fedoraproject fedora 31

fedoraproject fedora 32

debian debian linux 9.0

debian debian linux 10.0

Vendor Advisories

Several security issues were fixed in opensmtpd ...
Qualys discovered that the OpenSMTPD SMTP server performed insufficient validation of SMTP commands, which could result in local privilege escalation or the execution of arbitrary code. For the oldstable distribution (stretch), this problem has been fixed in version 6.0.2p1-2+deb9u3. For the stable distribution (buster), this problem has been fixed ...
An out-of-bounds read vulnerability has been found in the client-side code of OpenSMTPD <= 6.6.3p1, leading to arbitrary code execution via a crafted SMTP transaction ...

Exploits

    ##
    # This module requires Metasploit: metasploit.com/download
    # Current source: github.com/rapid7/metasploit-framework
    ##
    class MetasploitModule < Msf::Exploit::Local
      # smtpd(8) may crash on a malformed message
      Rank = AverageRanking
      include Msf::Exploit::Remote::TcpServer
      include Msf::Exploit::Remote::AutoCheck
      inclu ...
    /*
     * LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)
     * Copyright (C) 2020 Qualys, Inc.
     *
     * This program is free software: you can redistribute it and/or modify
     * it under the terms of the GNU General Public License as published by
     * the Free Software Foundation, either version 3 of the License, or
     * (at your option) any later vers ...
This Metasploit module exploits an out-of-bounds read of an attacker-controlled string in OpenSMTPD's MTA implementation to execute a command as the root or nobody user, depending on the kind of grammar OpenSMTPD uses ...
Qualys discovered a vulnerability in OpenSMTPD, OpenBSD's mail server. This vulnerability, an out-of-bounds read introduced in December 2015, is exploitable remotely and leads to the execution of arbitrary shell commands ...

Mailing Lists

oss-sec mailing list archives: Re: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794). From: Qu ...
oss-sec mailing list archives: Re: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794). From: Fl ...
oss-sec mailing list archives: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794). From: Qualys ...
oss-sec mailing list archives: Re: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794). From: "A ...