OpenSMTPD Critical LPE / RCE Vulnerability Remote Check

Critical Nessus Plugin ID 133717

Synopsis

The remote mail server is affected by a LPE / RCE Vulnerability.

Description

A remote code execution vulnerability exists in OpenSMTPD due to unsanitized email inputs. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands with root privileges.

Solution

Update the affected opensmtpd package.

See Also

https://www.openwall.com/lists/oss-security/2020/01/28/3

https://nvd.nist.gov/vuln/detail/CVE-2020-7247

https://www.openbsd.org/errata66.html

Plugin Details

Severity: Critical

ID: 133717

File Name: opensmtpd_rce_cve-2020-7247.nasl

Version: 1.2

Type: remote

Published: 2020/02/14

Updated: 2020/02/14

Dependencies: 10263, 17975

Risk Information

Risk Factor: Critical

CVSS Score Source: CVE-2020-7247

CVSS v2.0

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:openbsd:opensmtpd

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2020/01/29

Vulnerability Publication Date: 2020/01/28

Exploitable With

Metasploit (OpenSMTPD MAIL FROM Remote Code Execution)

Reference Information

CVE: CVE-2020-7247