CVE-2020-7247

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
Severity: CRITICAL
CVSS 3.x vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Base Score (CVSS 3.x):
EPSS Score: Percentile 99%
Vulnerable software versions

Vendor      Product        Version
openbsd     opensmtpd      6.6
debian      debian_linux   9.0
debian      debian_linux   10.0
canonical   ubuntu_linux   18.04
canonical   ubuntu_linux   19.10
Debian Releases (Product: opensmtpd)

Codename    Version       Status
bullseye    6.8.0p2-3     fixed
bookworm    6.8.0p2-4     fixed
sid         7.5.0p0-1     fixed
trixie      7.5.0p0-1     fixed
Ubuntu Releases (Product: opensmtpd)

Codename    Status
jammy       not-affected
impish      not-affected
hirsute     not-affected
groovy      not-affected
focal       not-affected
eoan        released (Fixed 6.0.3p1-6ubuntu0.1)
bionic      released (Fixed 6.0.3p1-1ubuntu0.1)
xenial      released (Fixed 5.7.3p2-1ubuntu0.1~esm1)
trusty      released (Fixed 5.4.1p1-1ubuntu0.1~esm1)