Security researchers have spotted a vulnerability, tracked as CVE-2020-7247, that affects a core email-related library used by many BSD and Linux distributions.
Security experts from Qualys have discovered a flaw, tracked as CVE-2020-7247, in OpenSMTPD. OpenSMTPD is an open-source implementation of the server-side SMTP protocol as defined by RFC 5321, with some additional standard extensions. It allows ordinary machines to exchange emails with other systems speaking the SMTP protocol.
OpenSMTPD is present in many BSD and Linux distributions, including FreeBSD, NetBSD, Debian, Fedora, and Alpine Linux.
The CVE-2020-7247 vulnerability is a local privilege escalation issue and remote code execution flaw that can be exploited by remote attackers to execute arbitrary code with root privileges on a server that uses the OpenSMTPD client.
“Qualys has found a critical vulnerability leading to a possible privilege escalation,” reads the advisory published by Qualys. “It is very important that you upgrade your setups AS SOON AS POSSIBLE.”
An attacker could exploit the flaw by sending malformed SMTP messages to a vulnerable server.
“Nevertheless, our ability to execute arbitrary shell commands through the local part of the sender address is rather limited:
- although OpenSMTPD is less restrictive than RFC 5321, the maximum length of a local part should be 64 characters;
- the characters in MAILADDR_ESCAPE (for example, ‘$’ and ‘|’) are transformed into ‘:’ characters.
To overcome these limitations, we drew inspiration from the Morris worm (https://spaf.cerias.purdue.edu/tech-reps/823.pdf), which exploited the DEBUG vulnerability in Sendmail by executing the body of a mail as a shell script.”
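Because the flaw is reached through the local part of the sender address, defenders can review captured SMTP sessions for MAIL FROM commands whose local part is over 64 characters or contains shell metacharacters. The following is an added example, not code from Qualys or OpenSMTPD; the metacharacter set, the function names and the transcript lines are assumptions constructed for illustration.

```python
import re

MAX_LOCAL_PART = 64  # local-part limit quoted in the advisory (RFC 5321)
# Assumption: characters a shell treats specially; may flag rare legitimate addresses.
SHELL_META = set(";|&$`()<>\\\"' \t\n")
MAIL_FROM = re.compile(r"MAIL FROM:\s*<([^>]*)>", re.IGNORECASE)


def check_sender(address):
    """Return the reasons a sender's local part looks unsafe (empty list if none)."""
    if address == "":
        return []  # null reverse-path "<>", used for bounce messages
    # Without '@' the whole string is treated as the local part.
    local = address.rpartition("@")[0] if "@" in address else address
    reasons = []
    if len(local) > MAX_LOCAL_PART:
        reasons.append("local part longer than 64 characters")
    bad = sorted(set(local) & SHELL_META)
    if bad:
        reasons.append("shell metacharacters in local part: "
                       + " ".join(repr(c) for c in bad))
    return reasons


def scan(lines):
    """Return (line_number, address, reasons) for each suspicious MAIL FROM."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = MAIL_FROM.search(line)
        if match:
            reasons = check_sender(match.group(1))
            if reasons:
                findings.append((number, match.group(1), reasons))
    return findings


# Constructed SMTP transcript lines (not real traffic, not OpenSMTPD's log format).
SAMPLE = [
    "C: EHLO client.example.test",
    "C: MAIL FROM:<alice@example.test>",
    "C: MAIL FROM:<>",
    "C: MAIL FROM:<user;cmd@example.test>",
    "C: MAIL FROM:<" + "a" * 65 + "@example.test>",
    "C: RCPT TO:<root@example.test>",
]

if __name__ == "__main__":
    for number, addr, reasons in scan(SAMPLE):
        print(f"line {number}: {addr[:30]!r}: {'; '.join(reasons)}")
```

A hit is a lead for review rather than proof of compromise; upgrading OpenSMTPD, as the advisory urges, remains the fix.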
Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer.