Security researchers recently discovered a vulnerability in OpenSMTPD, a core email library used by many Linux distributions and BSD.
OpenSMTPD and OpenBSD's servers are affected by the vulnerability CVE-2020-7247. Through a crafted SMTP session, remote attackers can execute arbitrary commands as root, as demonstrated by shell metacharacters in the MAIL FROM field. It affects the "uncommented" default configuration. CVE-2020-7247 has been exploitable since May 2018.
OpenSMTPD is part of the OpenBSD project. It allows exchanging emails with other remote systems that speak the SMTP protocol. The vulnerability comprises remote code execution and local privilege escalation flaws. It allows remote code to be run on a server that uses the OpenSMTPD client.
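A defensive check for the MAIL FROM condition described above, as an added example that is not from the original article or the OpenSMTPD project: it scans SMTP client commands for sender addresses containing shell metacharacters. The character set, the function name and the sample session are assumptions constructed for illustration.

```python
import re

# Characters a POSIX shell treats specially. Assumption: this set is chosen for
# the example; a few (such as & or $) are legal in RFC 5321 local parts but rare.
SHELL_META = set(";|&$`()<>\\'\" \t\n")

# Greedy match up to the last '>' so a '>' inside the path is still captured;
# ESMTP parameters such as SIZE= follow the closing bracket.
MAIL_FROM = re.compile(r"^\s*MAIL FROM:\s*<(.*)>", re.IGNORECASE)


def suspicious_senders(lines):
    """Return (line_number, sender, metachars) for flagged MAIL FROM commands."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = MAIL_FROM.match(line)
        if not match:
            continue  # not a MAIL FROM command
        sender = match.group(1)
        hits = sorted(set(sender) & SHELL_META)
        if hits:  # the null sender "<>" used for bounces has no characters
            findings.append((number, sender, "".join(hits)))
    return findings


# Constructed SMTP client commands (not taken from a real session).
SAMPLE_SESSION = [
    "HELO client.example.org",
    "MAIL FROM:<alice@example.org> SIZE=1024",
    "mail from:<>",
    "MAIL FROM:<ops;PLACEHOLDER;@example.org>",
    "MAIL FROM:<bob|PLACEHOLDER@example.org>",
    "RCPT TO:<root@example.net>",
]

if __name__ == "__main__":
    for number, sender, chars in suspicious_senders(SAMPLE_SESSION):
        print(f"line {number}: sender {sender!r} contains {chars!r}")
```

The same function can be pointed at a mail server's session log once each line is reduced to the client command it records.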
A patch has been released for the vulnerability in the OpenSMTPD library
The OpenSMTPD developers confirmed the vulnerability and released a patch, which they call a critical security bugfix release. According to the recent announcement, a simple proof of concept was developed and tested against OpenBSD 6.6 and Debian testing, but other distributions and versions may be exploitable.
If you are interested in reading more or want the technical details, read the Qualys CVE-2020-7247 Security Advisory.