Security researchers have spotted a vulnerability, tracked as CVE-2020-7247, that affects a core email-related library used by many BSD and Linux distributions.
Security experts from Qualys have discovered a flaw, tracked as CVE-2020-7247, in OpenSMTPD.
CVE-2020-7247 is both a local privilege escalation and a remote code execution flaw. Remote attackers can exploit it to execute arbitrary code with root privileges on a server that uses the OpenSMTPD client.
An attacker could exploit the flaw by sending malformed SMTP messages to a vulnerable server.
The experts pointed out that exploitation had some limitations:
“Nevertheless, our ability to execute arbitrary shell commands through the local part of the sender address is rather limited:
although OpenSMTPD is less restrictive than RFC 5321, the maximum length of a local part should be 64 characters; the characters in MAILADDR_ESCAPE (for example, ‘$’ and ‘|’) are transformed into ‘:’ characters. To overcome these limitations, we drew inspiration from the Morris worm (https://spaf.cerias.purdue.edu/tech-reps/823.pdf), which exploited the DEBUG vulnerability in Sendmail by executing the body of a mail as a shell script”
The CVE-2020-7247 flaw was introduced in OpenSMTPD in May 2018, but many
The experts also released proof-of-concept exploit code for the vulnerability.
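For defenders reviewing SMTP transcripts or proxy logs, the two limits in the quoted advisory text (a 64-character local part and special characters such as ‘$’ and ‘|’) can be turned into a simple check on MAIL FROM commands. The following is an added example, not code from Qualys or OpenSMTPD; the allowlist, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumption: a conservative reviewer's allowlist for sender local parts.
# It is NOT OpenSMTPD's own character table; anything outside it is reported.
SAFE_CHAR = re.compile(r"[A-Za-z0-9.+=_-]")
MAX_LOCAL_LEN = 64  # local-part limit cited in the quoted advisory text
MAIL_FROM = re.compile(r"^MAIL FROM:\s*<([^>]*)>", re.IGNORECASE)


def check_mail_from(line):
    """Return a list of findings for one SMTP command line (empty if clean)."""
    m = MAIL_FROM.match(line.strip())
    if not m:
        return []  # not a MAIL FROM command
    addr = m.group(1)
    if addr == "":
        return []  # null reverse-path, used legitimately for bounces
    local, sep, _domain = addr.rpartition("@")
    if not sep:
        local = addr  # no '@' at all: treat the whole string as local part
    findings = []
    if len(local) > MAX_LOCAL_LEN:
        findings.append("local part longer than 64 characters")
    bad = sorted({c for c in local if not SAFE_CHAR.fullmatch(c)})
    if bad:
        findings.append("unexpected characters in local part: "
                        + " ".join(repr(c) for c in bad))
    return findings


def scan(lines):
    """Map 1-based line number -> findings, for lines with any finding."""
    return {n: f for n, line in enumerate(lines, 1)
            if (f := check_mail_from(line))}


# Constructed sample transcript (not taken from any real server).
SAMPLE = [
    "EHLO client.example",
    "MAIL FROM:<alice@example.org>",
    "MAIL FROM:<>",
    "MAIL FROM:<build|report$1@example.org> SIZE=2048",
    "MAIL FROM:<" + "a" * 70 + "@example.org>",
]

if __name__ == "__main__":
    for lineno, findings in scan(SAMPLE).items():
        print(lineno, findings)
```

The allowlist is deliberately stricter than RFC 5321, so expect it to flag some unusual but legitimate senders; tune it against your own mail flow before alerting on it.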