LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)

vendor:

OpenSMTPD

by:

Qualys, Inc.

9.8

CVSS

CRITICAL

Local Privilege Escalation and Remote Code Execution

CWE

Product Name: OpenSMTPD

Affected Version From: 6.6.2p1

Affected Version To: 6.6.3p1

Patch Exists: YES

Related CWE: CVE-2020-8794

CPE: a:openbsd:opensmtpd:6.6.2p1

Metasploit: https://www.rapid7.com/db/vulnerabilities/debian-cve-2020-8794/, https://www.rapid7.com/db/vulnerabilities/alpine-linux-cve-2020-8794/, https://www.rapid7.com/db/vulnerabilities/ubuntu-cve-2020-8794/

Other Scripts: N/A

Platforms Tested: Linux, Mac, Windows

2020

LPE and RCE in OpenSMTPD’s default install (CVE-2020-8794)

A vulnerability in OpenSMTPD's default install allows an attacker to execute arbitrary code with root privileges. The vulnerability is due to a lack of input validation in the SMTP protocol parser. An attacker can send a specially crafted SMTP command to the server, which will cause the parser to execute arbitrary code with root privileges. This can be used to gain access to the server and execute malicious code.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should upgrade to the latest version of OpenSMTPD to ensure that they are protected.

Source

LPE and RCE in OpenSMTPD’s default install (CVE-2020-8794)

Mitigation:

Exploit-DB raw data: