Lucene search
SAINT CorporationSAINT:75A4E14C752AC962AD588141EDF2792FHistoryFeb 10, 2020 - 12:00 a.m.
OpenSMTPD MAIL FROM command injection
2020-02-1000:00:00
SAINT Corporation
download.saintcorporation.com
339
0.975 High
EPSS
Percentile
100.0%
Added: 02/10/2020
CVE: CVE-2020-7247
Background
OpenSMTPD is a free SMTP implementation. It comes with the OpenBSD operating system but is also available for other platforms.
Problem
The **smtp_mailaddr** function does not properly sanitize user input, allowing remote attackers to inject arbitrary commands into the **MAIL FROM** header.
Resolution
Upgrade to OpenSMTPD 6.6.2p1 or higher.
References
<https://www.kb.cert.org/vuls/id/390745/>
Limitations
Exploit works with OpenSMTPD 6.6.0.
Related
openvas
openvas
Ubuntu: Security Advisory (USN-4268-1)
2020-02-06 00:00:00
Debian: Security Advisory (DSA-4611-1)
2020-01-31 00:00:00
Fedora: Security Advisory for opensmtpd (FEDORA-2020-b92d7083ca)
2020-03-17 00:00:00
packetstorm
packetstorm
OpenSMTPD MAIL FROM Remote Code Execution
2020-02-07 00:00:00
OpenSMTPD 6.6.1 Local Privilege Escalation
2020-02-11 00:00:00
OpenSMTPD 6.6.2 Remote Code Execution
2020-01-30 00:00:00
exploitpack
exploitpack
OpenSMTPD 6.4.0 6.6.1 - Local Privilege Escalation + Remote Code Execution
2020-02-11 00:00:00
OpenSMTPD 6.6.2 - Remote Code Execution
2020-01-30 00:00:00
cisa_kev
cisa_kev
OpenSMTPD Remote Code Execution Vulnerability
2022-03-25 00:00:00
nvd
nvd
CVE-2020-7247
2020-01-29 16:15:12
zdt
zdt
OpenSMTPD 6.6.1 - Local Privilege Escalation Exploit
2020-02-11 00:00:00
OpenSMTPD 6.6.2 - Remote Code Execution Exploit
2020-01-30 00:00:00
OpenSMTPD - MAIL FROM Remote Code Execution Exploit
2020-02-10 00:00:00
nessus
nessus
OpenSMTPD Critical LPE / RCE (CVE-2020-7247)
2020-02-14 00:00:00
Debian DSA-4611-1 : opensmtpd - security update
2020-01-30 00:00:00
freebsd
freebsd
OpenSMTPd -- critical LPE / RCE vulnerability
2020-01-28 00:00:00
qualysblog
qualysblog
OpenBSD OpenSMTPD Remote Code Execution Vulnerability (CVE-2020-7247)
2020-01-29 17:04:47
saint
saint
OpenSMTPD MAIL FROM command injection
2020-02-10 00:00:00
OpenSMTPD MAIL FROM command injection
2020-02-10 00:00:00
cvelist
cvelist
CVE-2020-7247
2020-01-29 15:53:18
cert
cert
OpenSMTPD vulnerable to local privilege escalation and remote code execution
2020-01-31 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2020-09-21 06:24:16
ubuntu
ubuntu
OpenSMTPD vulnerability
2020-02-05 00:00:00
OpenSMTPD vulnerabilities
2021-03-15 00:00:00
debiancve
debiancve
CVE-2020-7247
2020-01-29 16:15:12
prion
prion
Input validation
2020-01-29 16:15:00
debian
debian
[SECURITY] [DSA 4611-1] opensmtpd security update
2020-01-29 22:00:16
thn
thn
Critical OpenSMTPD Bug Opens Linux and OpenBSD Mail Servers to Hackers
2020-01-30 09:07:00
githubexploit
githubexploit
Exploit for OS Command Injection in Openbsd Opensmtpd
2021-02-01 13:01:21
Exploit for OS Command Injection in Openbsd Opensmtpd
2021-06-19 07:34:42
Exploit for OS Command Injection in Openbsd Opensmtpd
2021-02-13 06:57:47
osv
osv
CVE-2020-7247
2020-01-29 16:15:12
opensmtpd - security update
2020-01-29 00:00:00
opensmtpd vulnerabilities
2021-03-15 23:06:41
attackerkb
attackerkb
CVE-2020-7247
2020-01-29 00:00:00
CVE-2020-8794
2020-02-25 00:00:00
cve
cve
CVE-2020-7247
2020-01-29 16:15:12
archlinux
archlinux
[ASA-202001-6] opensmtpd: arbitrary command execution
2020-01-29 00:00:00
checkpoint_advisories
checkpoint_advisories
OpenSMTPD Remote Code Execution (CVE-2020-7247)
2020-03-18 00:00:00
alpinelinux
alpinelinux
CVE-2020-7247
2020-01-29 16:15:12
ubuntucve
ubuntucve
CVE-2020-7247
2020-01-29 00:00:00
f5
f5
K34931053 : OpenSMTPD vulnerability CVE-2020-7247
2020-11-13 00:00:00
exploitdb
exploitdb
OpenSMTPD 6.6.1 - Remote Code Execution
2020-01-30 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: opensmtpd-6.6.4p1-2.fc32
2020-03-16 20:45:40