Bug 707828 (CVE-2020-7247) - <mail-mta/opensmtpd-6.0.3_p1-r2: Remote Code Execution Vulnerability (CVE-2020-7247)
Status: RESOLVED FIXED
Alias: CVE-2020-7247
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All
OS: Linux
Importance: Low trivial
Assignee: Gentoo Security
URL: https://www.qualys.com/2020/01/28/cve...
Whiteboard: ~1 [noglsa]
Keywords:
Duplicates: 710680
Depends on:
Blocks:
Reported: 2020-02-02 00:15 UTC by filip ambroz
Modified: 2020-02-24 17:50 UTC

See Also:
Package list:
Runtime testing required: ---
Description filip ambroz 2020-02-02 00:15:56 UTC
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
Comment 1 filip ambroz 2020-02-02 00:23:30 UTC
Versions prior to 6.6 also vulnerable?
https://security-tracker.debian.org/tracker/CVE-2020-7247
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2020-02-24 17:50:46 UTC
*** Bug 710680 has been marked as a duplicate of this bug. ***