SMTP problems : OpenSMTPD < 6.6.2p1 RCE Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.153183

Categoría: SMTP problems

Título: OpenSMTPD < 6.6.2p1 RCE Vulnerability - Active Check

Resumen: OpenSMTPD is prone to a remote code execution (RCE); vulnerability.

Descripción: Summary:
OpenSMTPD is prone to a remote code execution (RCE)
vulnerability.

Vulnerability Insight:
smtp_mailaddr in smtp_session.c in OpenSMTPD allows remote
attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by
shell metacharacters in a MAIL FROM field. This affects the 'uncommented' default configuration.
The issue exists because of an incorrect return value upon failure of input validation.

Affected Software/OS:
OpenSMTPD version 6.6.x prior to 6.6.2p1.

Solution:
Update to version 6.6.2p1 or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2020-7247
Bugtraq: 20200129 [SECURITY] [DSA 4611-1] opensmtpd security update (Google Search)
https://seclists.org/bugtraq/2020/Jan/51
CERT/CC vulnerability note: VU#390745
https://www.kb.cert.org/vuls/id/390745
Debian Security Information: DSA-4611 (Google Search)
https://www.debian.org/security/2020/dsa-4611
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/
http://seclists.org/fulldisclosure/2020/Jan/49
http://packetstormsecurity.com/files/156137/OpenBSD-OpenSMTPD-Privilege-Escalation-Code-Execution.html
http://packetstormsecurity.com/files/156145/OpenSMTPD-6.6.2-Remote-Code-Execution.html
http://packetstormsecurity.com/files/156249/OpenSMTPD-MAIL-FROM-Remote-Code-Execution.html
http://packetstormsecurity.com/files/156295/OpenSMTPD-6.6.1-Local-Privilege-Escalation.html
http://packetstormsecurity.com/files/162093/OpenBSD-OpenSMTPD-6.6-Remote-Code-Execution.html
http://www.openwall.com/lists/oss-security/2020/01/28/3
https://usn.ubuntu.com/4268-1/

Copyright Copyright (C) 2024 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.153183
Categoría:	SMTP problems
Título:	OpenSMTPD < 6.6.2p1 RCE Vulnerability - Active Check
Resumen:	OpenSMTPD is prone to a remote code execution (RCE); vulnerability.
Descripción:	Summary: OpenSMTPD is prone to a remote code execution (RCE) vulnerability. Vulnerability Insight: smtp_mailaddr in smtp_session.c in OpenSMTPD allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the 'uncommented' default configuration. The issue exists because of an incorrect return value upon failure of input validation. Affected Software/OS: OpenSMTPD version 6.6.x prior to 6.6.2p1. Solution: Update to version 6.6.2p1 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-7247 Bugtraq: 20200129 [SECURITY] [DSA 4611-1] opensmtpd security update (Google Search) https://seclists.org/bugtraq/2020/Jan/51 CERT/CC vulnerability note: VU#390745 https://www.kb.cert.org/vuls/id/390745 Debian Security Information: DSA-4611 (Google Search) https://www.debian.org/security/2020/dsa-4611 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/ http://seclists.org/fulldisclosure/2020/Jan/49 http://packetstormsecurity.com/files/156137/OpenBSD-OpenSMTPD-Privilege-Escalation-Code-Execution.html http://packetstormsecurity.com/files/156145/OpenSMTPD-6.6.2-Remote-Code-Execution.html http://packetstormsecurity.com/files/156249/OpenSMTPD-MAIL-FROM-Remote-Code-Execution.html http://packetstormsecurity.com/files/156295/OpenSMTPD-6.6.1-Local-Privilege-Escalation.html http://packetstormsecurity.com/files/162093/OpenBSD-OpenSMTPD-6.6-Remote-Code-Execution.html http://www.openwall.com/lists/oss-security/2020/01/28/3 https://usn.ubuntu.com/4268-1/
Copyright	Copyright (C) 2024 Greenbone AG