CVE-2020-8794

Published: 25/02/2020 Updated: 07/11/2023
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

OpenSMTPD prior to 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.

Vulnerable Product

opensmtpd opensmtpd

canonical ubuntu linux 18.04

canonical ubuntu linux 19.10

fedoraproject fedora 31

fedoraproject fedora 32

debian debian linux 9.0

debian debian linux 10.0

Vendor Advisories

Several security issues were fixed in opensmtpd ...
Qualys discovered that the OpenSMTPD SMTP server performed insufficient validation of SMTP commands, which could result in local privilege escalation or the execution of arbitrary code. For the oldstable distribution (stretch), this problem has been fixed in version 6.0.2p1-2+deb9u3. For the stable distribution (buster), this problem has been fixed ...
An out-of-bounds read vulnerability has been found in the client-side code of OpenSMTPD <= 6.6.3p1, leading to arbitrary code execution via a crafted SMTP transaction ...

Exploits

##
# This module requires Metasploit: metasploit.com/download
# Current source: github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Local
  # smtpd(8) may crash on a malformed message
  Rank = AverageRanking
  include Msf::Exploit::Remote::TcpServer
  include Msf::Exploit::Remote::AutoCheck
  inclu ...

/*
 * LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)
 * Copyright (C) 2020 Qualys, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later vers ...

This Metasploit module exploits an out-of-bounds read of an attacker-controlled string in OpenSMTPD's MTA implementation to execute a command as the root or nobody user, depending on the kind of grammar OpenSMTPD uses ...
Qualys discovered a vulnerability in OpenSMTPD, OpenBSD's mail server. This vulnerability, an out-of-bounds read introduced in December 2015, is exploitable remotely and leads to the execution of arbitrary shell commands ...

Mailing Lists

Qualys Security Advisory LPE and RCE in OpenSMTPD's default install (CVE-2020-8794) ============================================================================== Contents ============================================================================== Summary Analysis Acknowledgments ======================================================== ...
Hi Alexander, On Tue, Feb 25, 2020 at 12:54:50AM +0500, Alexander E Patrakov wrote: If there is absolutely nothing else in your configuration file, you should be fine. Still, we recommend that you patch as soon as possible; just in case we missed an attack vector. With best regards, -- the Qualys Security Advisory team ...
* Alexander E Patrakov: I have edited the update and flagged it as security. However, without feedback from community testing (karma), this update cannot be pushed at this time. The package also failed to build on Fedora 32 and 33/rawhide due to C conformance issues, so there are no updates available there. Thanks, Florian ...
On Thu, Feb 27, 2020 at 12:38 AM Qualys Security Advisory <qsa () qualys com> wrote: Just in case, I would like to complain here that my Fedora 31 systems have not received an update. There is indeed something in testing, but it is (mistakenly?) marked as a bugfix release and not as a security update: bodhi.fedoraproject.org/updat ...
Qualys Security Advisory 21Nails: Multiple vulnerabilities in Exim ======================================================================== Contents ======================================================================== Summary Local vulnerabilities - CVE-2020-28007: Link attack in Exim's log directory - CVE-2020-28008: Assorted attacks in Ex ...
On Mon, Feb 24, 2020 at 10:55 PM Qualys Security Advisory <qsa () qualys com> wrote: I would like a bit of clarification. We use OpenSMTPD as a dumb thing that only relays mail to a central server and never delivers it locally. The remote server is under our control. ============= table credentials { smarthost.example.com=myuser:mypassword ...
Qualys Security Advisory LPE and RCE in OpenSMTPD's default install (CVE-2020-8794) ============================================================================== Contents ============================================================================== Summary Analysis Client-side exploitation (new grammar) Server-side exploitation (new grammar) ...