CVE-2020-7247

{"id": "CVE-2020-7247", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-01-29T16:15:12.897", "references": [{"url": "http://packetstormsecurity.com/files/156137/OpenBSD-OpenSMTPD-Privilege-Escalation-Code-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "http://packetstormsecurity.com/files/156145/OpenSMTPD-6.6.2-Remote-Code-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "http://packetstormsecurity.com/files/156249/OpenSMTPD-MAIL-FROM-Remote-Code-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "http://packetstormsecurity.com/files/156295/OpenSMTPD-6.6.1-Local-Privilege-Escalation.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "http://packetstormsecurity.com/files/162093/OpenBSD-OpenSMTPD-6.6-Remote-Code-Execution.html", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "http://seclists.org/fulldisclosure/2020/Jan/49", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "[email protected]"}, {"url": "http://www.openwall.com/lists/oss-security/2020/01/28/3", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://github.com/openbsd/src/commit/9dcfda045474d8903224d175907bfc29761dcb45", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/", "tags": ["Mailing List", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://seclists.org/bugtraq/2020/Jan/51", "tags": ["Mailing List", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://usn.ubuntu.com/4268-1/", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.debian.org/security/2020/dsa-4611", "tags": ["Mailing List", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.kb.cert.org/vuls/id/390745", "tags": ["Third Party Advisory", "US Government Resource"], "source": "[email protected]"}, {"url": "https://www.openbsd.org/security.html", "tags": ["Patch", "Vendor Advisory"], "source": "[email protected]"}, {"url": "http://packetstormsecurity.com/files/156137/OpenBSD-OpenSMTPD-Privilege-Escalation-Code-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://packetstormsecurity.com/files/156145/OpenSMTPD-6.6.2-Remote-Code-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://packetstormsecurity.com/files/156249/OpenSMTPD-MAIL-FROM-Remote-Code-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://packetstormsecurity.com/files/156295/OpenSMTPD-6.6.1-Local-Privilege-Escalation.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://packetstormsecurity.com/files/162093/OpenBSD-OpenSMTPD-6.6-Remote-Code-Execution.html", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2020/Jan/49", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2020/01/28/3", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/openbsd/src/commit/9dcfda045474d8903224d175907bfc29761dcb45", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://seclists.org/bugtraq/2020/Jan/51", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/4268-1/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.debian.org/security/2020/dsa-4611", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.kb.cert.org/vuls/id/390745", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.openbsd.org/security.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-7247", "tags": ["US Government Resource"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-78"}, {"lang": "en", "value": "CWE-755"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-755"}]}], "descriptions": [{"lang": "en", "value": "smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the \"uncommented\" default configuration. The issue exists because of an incorrect return value upon failure of input validation."}, {"lang": "es", "value": "La funci\u00f3n smtp_mailaddr en el archivo smtp_session.c en OpenSMTPD versi\u00f3n 6.6, como es usado en OpenBSD versi\u00f3n 6.6 y otros productos, permite a atacantes remotos ejecutar comandos arbitrarios como root por medio de una sesi\u00f3n SMTP dise\u00f1ada, como es demostrado por metacaracteres de shell en un campo MAIL FROM. Esto afecta la configuraci\u00f3n predeterminada \"uncommented\". El problema se presenta debido a un valor de retorno incorrecto tras un fallo en la comprobaci\u00f3n de entrada."}], "lastModified": "2025-11-07T22:02:55.513", "cisaActionDue": "2022-04-15", "cisaExploitAdd": "2022-03-25", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openbsd:opensmtpd:6.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2D1D6E5-21BA-40CC-870F-A940DD814532"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "OpenSMTPD Remote Code Execution Vulnerability"}