Security experts from Qualys have discovered a flaw, tracked as CVE-2020-7247, in OpenSMTPD.
The CVE-2020-7247 vulnerability is a local privilege escalation issue and remote code execution flaw that can be exploited by remote attackers to execute arbitrary code with root privileges on a server that uses the OpenSMTPD client.
An attacker could exploit the flaw by sending malformed SMTP messages to a vulnerable server.
The experts pointed out that exploitation had some limitations:
“Nevertheless, our ability to execute arbitrary shell commands through the local part of the sender address is rather limited:
The CVE-2020-7247 flaw was introduced in the OpenSMTPD in May 2018, but many
The experts also released a proof of concept exploit code for the vulnerability.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.