CVE-2020-7247
published 2020-01-29CVE-2020-7247: smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via…
PriorityP195critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
KEVITWEXPLOITInitial access
CISA Known Exploited Vulnerabilitydue 2022-04-15
Exploited in the wild
EPSS
98.97%
99.9th percentile
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | opensmtpd | < opensmtpd 6.6.2p1-1 (bookworm) | opensmtpd 6.6.2p1-1 (bookworm) |
| fedoraproject | fedora | — | — |
| openbsd | opensmtpd | — | — |
| opensmtpd | opensmtpd | >= 0 < 6.6.2p1-1 | 6.6.2p1-1 |
| opensmtpd | opensmtpd | >= 0 < 6.6.2p1-1 | 6.6.2p1-1 |
| opensmtpd | opensmtpd | >= 0 < 6.6.2p1-1 | 6.6.2p1-1 |
| opensmtpd | opensmtpd | >= 0 < 6.6.2p1-1 | 6.6.2p1-1 |
| opensmtpd | opensmtpd | >= 0 < 5.4.1p1-1ubuntu0.1~esm1 | 5.4.1p1-1ubuntu0.1~esm1 |
| opensmtpd | opensmtpd | >= 0 < 5.7.3p2-1ubuntu0.1~esm2 | 5.7.3p2-1ubuntu0.1~esm2 |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect exploitation attempts by monitoring SMTP MAIL FROM fields for shell metacharacters (e.g., '$', '|') in the local part of the address, which are characteristic of CVE-2020-7247 exploitation. ↗
- →Use Qualys QQL query to find impacted hosts: vulnerabilities.vulnerability.qid:50097 or vulnerabilities.vulnerability.cveIds:`CVE-2020-7247` ↗
- ·The vulnerability only affects the 'uncommented' default configuration of OpenSMTPD; non-default configurations may not be exposed. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv9.8CRITICAL
vulncheck9.8CRITICAL
cisa9.8CRITICAL
vendor_debian9.8CRITICAL
vendor_ubuntu9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA
OpenSMTPD Remote Code Execution Vulnerability
cisa·2022-03-25·CVSS 9.8
CVE-2020-7247 [CRITICAL] CWE-755 OpenSMTPD Remote Code Execution Vulnerability
Vulnerability: OpenSMTPD Remote Code Execution Vulnerability
Affected: OpenBSD OpenSMTPD
smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-7247
Remediation Due Date: 2022-04-15
Ubuntu
OpenSMTPD vulnerabilities
vendor_ubuntu·2021-03-15·CVSS 9.8
CVE-2020-7247 [CRITICAL] OpenSMTPD vulnerabilities
Title: OpenSMTPD vulnerabilities
Summary: Several security issues were fixed in OpenSMTPD.
It was discovered that OpenSMTPD incorrectly verified the sender's or
receiver's e-mail addresses under certain conditions. An attacker could
possibly use this vulnerability to execute arbitrary commands as root.
(CVE-2020-7247)
It was discovered that OpenSMTPD did not properly handle hardlinks under
certain conditions. An unprivileged local attacker could possibly use this
issue to obtain sensitive information. This issue only affected Ubuntu
16.04 ESM. (CVE-2020-8793)
It was discovered that OpenSMTPD mishandled certain input. A remote,
unauthenticated attacker could possibly use this vulnerability to execute
arbitrary shell commands as any non-root user. This issue only affected
Ubuntu 16.04 ES
Ubuntu
OpenSMTPD vulnerability
vendor_ubuntu·2020-02-05
CVE-2020-7247 OpenSMTPD vulnerability
Title: OpenSMTPD vulnerability
Summary: OpenSMTPD could be made to run programs as root if it received specially
crafted input over the network.
It was discovered that OpenSMTPD incorrectly verified the sender's or
receiver's e-mail addresses under certain conditions. An attacker could use
this vulnerability to execute arbitrary commands as root.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2020-7247: opensmtpd - smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and oth...
vendor_debian·2020·CVSS 9.8
CVE-2020-7247 [CRITICAL] CVE-2020-7247: opensmtpd - smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and oth...
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
Scope: local
bookworm: resolved (fixed in 6.6.2p1-1)
bullseye: resolved (fixed in 6.6.2p1-1)
forky: resolved (fixed in 6.6.2p1-1)
sid: resolved (fixed in 6.6.2p1-1)
trixie: resolved (fixed in 6.6.2p1-1)
GHSA
GHSA-rcw6-69h3-89fh: smtp_mailaddr in smtp_session
ghsa_unreviewed·2022-05-24
CVE-2020-7247 [HIGH] CWE-252 GHSA-rcw6-69h3-89fh: smtp_mailaddr in smtp_session
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
OSV
opensmtpd vulnerabilities
osv·2021-03-15·CVSS 9.8
CVE-2020-7247 [CRITICAL] opensmtpd vulnerabilities
opensmtpd vulnerabilities
It was discovered that OpenSMTPD incorrectly verified the sender's or
receiver's e-mail addresses under certain conditions. An attacker could
possibly use this vulnerability to execute arbitrary commands as root.
(CVE-2020-7247)
It was discovered that OpenSMTPD did not properly handle hardlinks under
certain conditions. An unprivileged local attacker could possibly use this
issue to obtain sensitive information. This issue only affected Ubuntu
16.04 ESM. (CVE-2020-8793)
It was discovered that OpenSMTPD mishandled certain input. A remote,
unauthenticated attacker could possibly use this vulnerability to execute
arbitrary shell commands as any non-root user. This issue only affected
Ubuntu 16.04 ESM. (CVE-2020-8794)
OSV
CVE-2020-7247: smtp_mailaddr in smtp_session
osv·2020-01-29·CVSS 9.8
CVE-2020-7247 [CRITICAL] CVE-2020-7247: smtp_mailaddr in smtp_session
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
VulnCheck
OpenSMTPD Remote Code Execution Vulnerability
vulncheck·2020·CVSS 9.8
CVE-2020-7247 [CRITICAL] CWE-755 OpenSMTPD Remote Code Execution Vulnerability
OpenSMTPD Remote Code Execution Vulnerability
smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session.
Affected: OpenBSD OpenSMTPD
Required Action: Apply updates per vendor instructions.
Exploitation References: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Exploit PoC: https://vulncheck.com/xdb/84f50ceb9674; https://vulncheck.com/xdb/e74dfea19420; https://vulncheck.com/xdb/bf9da7b38b61; https://vulncheck.com/xdb/dfc825b4e351; https://vulncheck.com/xdb/15de84180d62
Remediation Due: 2022-04-15
Suricata
ET EXPLOIT Possible OpenSMTPD RCE Inbound (CVE-2020-7247)
suricata·2021-02-17·CVSS 9.8
CVE-2020-7247 [CRITICAL] ET EXPLOIT Possible OpenSMTPD RCE Inbound (CVE-2020-7247)
ET EXPLOIT Possible OpenSMTPD RCE Inbound (CVE-2020-7247)
Rule: alert smtp any any -> [$HOME_NET,$SMTP_SERVERS] any (msg:"ET EXPLOIT Possible OpenSMTPD RCE Inbound (CVE-2020-7247)"; flow:established,to_server; content:"MAIL|20|FROM|3a|<|3b|"; fast_pattern; reference:url,blog.qualys.com/vulnerabilities-research/2020/01/29/openbsd-opensmtpd-remote-code-execution-vulnerability-cve-2020-7247; reference:cve,2020-7247; classtype:attempted-admin; sid:2031621; rev:1; metadata:attack_target SMTP_Server, created_at 2021_02_17, cve CVE_2020_7247, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_02_17;)
Exploit-DB
OpenSMTPD 6.4.0 < 6.6.1 - Local Privilege Escalation + Remote Code Execution
exploitdb·2020-02-11·CVSS 9.8
CVE-2020-7247 [CRITICAL] OpenSMTPD 6.4.0 < 6.6.1 - Local Privilege Escalation + Remote Code Execution
OpenSMTPD 6.4.0
#
# smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and
# other products, allows remote attackers to execute arbitrary commands as root
# via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL
# FROM field. This affects the "uncommented" default configuration. The issue
# exists because of an incorrect return value upon failure of input validation
# (CVE-2020-7247).
#
# "Wow. I feel all butterflies in my tummy that bugs like this still exist.
# That's awesome :)" -- skyper
#
# This exploit targets OpenBSD's OpenSMTPD in order to escalate privileges to
# root on OpenBSD in the default configuration, or execute remote commands as
# root (only in OpenSMTPD "uncommented" default configuration).
#
# See also:
# https://www.qualys.c
Exploit-DB
OpenSMTPD - MAIL FROM Remote Code Execution (Metasploit)
exploitdb·2020-02-10
CVE-2020-7247 OpenSMTPD - MAIL FROM Remote Code Execution (Metasploit)
OpenSMTPD - MAIL FROM Remote Code Execution (Metasploit)
---
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule 'OpenSMTPD MAIL FROM Remote Code Execution',
'Description' => %q{
This module exploits a command injection in the MAIL FROM field during
SMTP interaction with OpenSMTPD to execute code as the root user.
},
'Author' => [
'Qualys', # Discovery and PoC
'wvu', # Module
'RageLtMan ' # Module
],
'References' => [
['CVE', '2020-7247'],
['URL', 'https://www.openwall.com/lists/oss-security/2020/01/28/3']
],
'DisclosureDate' => '2020-01-28',
'License' => MSF_LICENSE,
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Privileged' => true,
'Targets' => [
['OpenSMTPD >= commit a8e222352f',
Exploit-DB
OpenSMTPD 6.6.1 - Remote Code Execution
exploitdb·2020-01-30·CVSS 9.8
CVE-2020-7247 [CRITICAL] OpenSMTPD 6.6.1 - Remote Code Execution
OpenSMTPD 6.6.1 - Remote Code Execution
---
# Exploit Title: OpenSMTPD 6.6.1 - Remote Code Execution
# Date: 2020-01-29
# Exploit Author: 1F98D
# Original Author: Qualys Security Advisory
# Vendor Homepage: https://www.opensmtpd.org/
# Software Link: https://github.com/OpenSMTPD/OpenSMTPD/releases/tag/6.6.1p1
# Version: OpenSMTPD '.format(sys.argv[0]))
print("E.g. {} 127.0.0.1 25 'touch /tmp/x'".format(sys.argv[0]))
sys.exit(1)
ADDR = sys.argv[1]
PORT = int(sys.argv[2])
CMD = sys.argv[3]
s = socket(AF_INET, SOCK_STREAM)
s.connect((ADDR, PORT))
res = s.recv(1024)
if 'OpenSMTPD' not in str(res):
print('[!] No OpenSMTPD detected')
print('[!] Received {}'.format(str(res)))
print('[!] Exiting...')
sys.exit(1)
print('[*] OpenSMTPD detected')
s.send(b'HELO x\r\n')
res = s.recv(1024)
if '250
Nuclei
OpenSMTPD 6.4.0-6.6.1 - Remote Code Execution
nuclei·CVSS 9.8
CVE-2020-7247 [CRITICAL] OpenSMTPD 6.4.0-6.6.1 - Remote Code Execution
OpenSMTPD 6.4.0-6.6.1 - Remote Code Execution
OpenSMTPD versions 6.4.0 - 6.6.1 are susceptible to remote code execution. smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
Template:
id: CVE-2020-7247
info:
name: OpenSMTPD 6.4.0-6.6.1 - Remote Code Execution
author: princechaddha
severity: critical
description: |
OpenSMTPD versions 6.4.0 - 6.6.1 are susceptible to remote code execution. smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.
Metasploit
OpenSMTPD MAIL FROM Remote Code Execution
metasploit
OpenSMTPD MAIL FROM Remote Code Execution
OpenSMTPD MAIL FROM Remote Code Execution
This module exploits a command injection in the MAIL FROM field during SMTP interaction with OpenSMTPD to execute a command as the root user.
Qualys
Mutagen Astronomy: From Discovery to CISA Recognition—A Seven-Year Journey
blogs_qualys·2026-02-02·CVSS 7.8
CVE-2018-14634 [HIGH] Mutagen Astronomy: From Discovery to CISA Recognition—A Seven-Year Journey
## Table of Contents
Introduction
Why This Matters Now
Looking Back: The Original Discovery
Guidance for Security Teams
A Note on Our Research Mission
Conclusion
Frequently Asked Questions (FAQs)
## Introduction
On January 26, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2018-14634 to its Known Exploited Vulnerabilities (KEV) catalog . The same vulnerability was discovered by the Qualys Threat Research Unit (TRU) in September 2018.
We nicknamed it “Mutagen Astronomy” as a tribute to the 1992 film Sneakers . In that movie, the phrase “Setec Astronomy” is revealed as an anagram for “Too Many Secrets.” Following that tradition, “Mutagen Astronomy” is our anagram for “Too Many Arguments”, which precisely captures the technical root cause of this vulnera
Qualys
Mutagen Astronomy: A Linux Vulnerability’s Path to CISA KEV | Qualys
blogs_qualys·2026-02-02·CVSS 7.8
CVE-2018-14634 [HIGH] Mutagen Astronomy: A Linux Vulnerability’s Path to CISA KEV | Qualys
#### Table of Contents
- Introduction
- Why This Matters Now
- Looking Back: The Original Discovery
- Guidance for Security Teams
- A Note on Our Research Mission
- Conclusion
- Frequently Asked Questions (FAQs)
## Introduction
On January 26, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2018-14634 to its Known Exploited Vulnerabilities (KEV) catalog. The same vulnerability was discovered by the Qualys Threat Research Unit (TRU) in September 2018.
We nicknamed it “Mutagen Astronomy” as a tribute to the 1992 film Sneakers. In that movie, the phrase “Setec Astronomy” is revealed as an anagram for “Too Many Secrets.” Following that tradition, “Mutagen Astronomy” is our anagram for “Too Many Arguments”, which precisely captures the technical root cause of this
Unit42
Attackers Are Taking Advantage of the Open-Source Service Interactsh for Malicious Purposes
blogs_unit42·2021-10-14
Attackers Are Taking Advantage of the Open-Source Service Interactsh for Malicious Purposes
## Executive Summary
Recently, Unit 42 has observed active exploits related to an open-source service called Interactsh. This tool can generate specific domain names to help its users test whether an exploit is successful. It can be used by researchers – but also by attackers – to validate vulnerabilities via real-time monitoring on the trace path for the domain. Researchers creating a proof of concept (PoC) for an exploit can insert Interactsh to check whether the PoC is working, but the service could also be used by attackers who want to be sure an exploit is working.
This blog will first introduce the Interactsh tool and how researchers or attackers can leverage it to perform vulnerability validation. We then describe some of the many exploits in the wild leveraging this tool, and we
Unit42
Attackers Are Taking Advantage of the Open-Source Service Interactsh for Malicious Purposes
blogs_unit42·2021-10-14
Attackers Are Taking Advantage of the Open-Source Service Interactsh for Malicious Purposes
Threat Research Center
Threat Research
Cybercrime
## Attackers Are Taking Advantage of the Open-Source Service Interactsh for Malicious Purposes
Yue Guan
Jin Chen
Leo Olson
Wayne Xin
Daiping Liu
Published: October 14, 2021
Cybercrime
Threat Research
Attack analysis
Exploit
Exploit in the wild
Interactsh
## Executive Summary
Recently, Unit 42 has observed active exploits related to an open-source service called Interactsh . This tool can generate specific domain names to help its users test whether an exploit is successful. It can be used by researchers – but also by attackers – to validate vulnerabilities via real-time monitoring on the trace path for the domain. Researchers creating a proof of concept (PoC) for an exploit can insert Interactsh to check whether the PoC
Trendmicro
CVE-2020-8794 Can Lead to Privilege Escalation and RCE
blogs_trendmicro·2020-03-12·CVSS 9.8
CVE-2020-8794 [CRITICAL] CVE-2020-8794 Can Lead to Privilege Escalation and RCE
Exploits & Vulnerabilities
# CVE-2020-8794 Can Lead to Privilege Escalation and RCE
A root privilege escalation and remote execution vulnerability (designated as CVE-2020-8794) was discovered in OpenSMTPD. The flaw originates from an out-of-bounds read, which attackers can take advantage of to execute arbitrary code.
By: Alexander Elkholy
2020/03/12
Read time: ( words)
Save to Folio
A root privilege escalation and remote execution vulnerability (designated as CVE-2020-8794) has been discovered in the free and open-source Unix Daemon, OpenSMTPD. The flaw originates from an out-of-bounds read, which attackers can take advantage of to execute arbitrary code on vulnerable systems.
### What is the vulnerability about?
Discovered by Qualys Research Labs and disclosed on February 24, 2020
Qualys
OpenBSD OpenSMTPD Remote Code Execution Vulnerability (CVE-2020-7247) | Qualys
blogs_qualys·2020-01-29·CVSS 9.8
CVE-2020-7247 [CRITICAL] OpenBSD OpenSMTPD Remote Code Execution Vulnerability (CVE-2020-7247) | Qualys
#### Table of Contents
- Vulnerability Details
- Detecting CVE-2020-7247
- Finding Vulnerable Hosts
- Remediation
- References
Qualys Research Labs discovered a vulnerability in OpenBSD’s OpenSMTPD mail server that allows an attacker to execute arbitrary shell commands with elevated privileges. OpenBSD developers have confirmed the vulnerability and also quickly provided a patch.
Proof-of-concept exploits are published in the security advisory.
## Vulnerability Details
This vulnerability exists in OpenBSD’s mail server OpenSMTPD’s “smtp_mailaddr()” function, and affects OpenBSD version 6.6. This allows an attacker to execute arbitrary shell commands like “sleep 66” as root user.
Exploitation of the vulnerability had some limitations in terms of local part length (max 64 characters is
Qualys
OpenBSD OpenSMTPD Remote Code Execution Vulnerability (CVE-2020-7247)
blogs_qualys·2020-01-29·CVSS 9.8
CVE-2020-7247 [CRITICAL] OpenBSD OpenSMTPD Remote Code Execution Vulnerability (CVE-2020-7247)
## Table of Contents
Vulnerability Details
Detecting CVE-2020-7247
Finding Vulnerable Hosts
Remediation
References
Qualys Research Labs discovered a vulnerability in OpenBSD’s OpenSMTPD mail server that allows an attacker to execute arbitrary shell commands with elevated privileges. OpenBSD developers have confirmed the vulnerability and also quickly provided a patch.
Proof-of-concept exploits are published in the security advisory .
## Vulnerability Details
This vulnerability exists in OpenBSD’s mail server OpenSMTPD’s “smtp_mailaddr()” function, and affects OpenBSD version 6.6. This allows an attacker to execute arbitrary shell commands like “sleep 66” as root user.
Exploitation of the vulnerability had some limitations in terms of local part length (max 64 characters is allowe
Bugzilla
CVE-2020-7247 opensmtpd: arbitrary commands execution in smtp_mailaddr in smtp_session.c via crafted SMTP session [fedora-all]
bugzilla·2020-02-03·CVSS 9.8
CVE-2020-7247 [CRITICAL] CVE-2020-7247 opensmtpd: arbitrary commands execution in smtp_mailaddr in smtp_session.c via crafted SMTP session [fedora-all]
CVE-2020-7247 opensmtpd: arbitrary commands execution in smtp_mailaddr in smtp_session.c via crafted SMTP session [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOT
Bugzilla
CVE-2020-7247 opensmtpd: arbitrary commands execution in smtp_mailaddr in smtp_session.c via crafted SMTP session
bugzilla·2020-02-03·CVSS 9.8
CVE-2020-7247 [CRITICAL] CVE-2020-7247 opensmtpd: arbitrary commands execution in smtp_mailaddr in smtp_session.c via crafted SMTP session
CVE-2020-7247 opensmtpd: arbitrary commands execution in smtp_mailaddr in smtp_session.c via crafted SMTP session
A vulnerability was found in smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
Reference:
https://seclists.org/fulldisclosure/2020/Jan/49
https://www.openwall.com/lists/oss-security/2020/01/28/3
https://github.com/openbsd/src/commit/9dcfda045474d8903224d175907bfc29761dcb45
Discussion:
Created opensmtpd tracking bugs for this issue:
Affects: e
Bugzilla
CVE-2020-7247 opensmtpd: arbitrary commands execution in smtp_mailaddr in smtp_session.c via crafted SMTP session [epel-all]
bugzilla·2020-02-03·CVSS 9.8
CVE-2020-7247 [CRITICAL] CVE-2020-7247 opensmtpd: arbitrary commands execution in smtp_mailaddr in smtp_session.c via crafted SMTP session [epel-all]
CVE-2020-7247 opensmtpd: arbitrary commands execution in smtp_mailaddr in smtp_session.c via crafted SMTP session [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: t
arXiv
Attack Effect Model based Malicious Behavior Detection
arxiv_fulltext·2025-06-05
Attack Effect Model based Malicious Behavior Detection
Attack Effect Model based Malicious Behavior Detection
Limin Wang, Lei Bu^( ), Muzimiao Zhang, Shihong Cang, Kai Ye
State Key Laboratory of Novel Software Techniques, Nanjing University, Nanjing, Jiangsu 210023, China
Email: [email protected],
-8.8mm
\@IEEEpubidpullup6.5
Network and Distributed System Security (NDSS) Symposium 2025
24-28 February 2025, San Diego, CA, USA
ISBN 979-8-9894372-8-3
https://dx.doi.org/10.14722/ndss.2025.[23|24]xxxx
www.ndss-symposium.org
[ ]
## Abstract
Traditional security detection methods struggle to keep pace with the rapidly evolving landscape of cyber threats targeting critical infrastructure and sensitive data. These approaches suffer from three critical limitations: non-security-oriented system activity data collection that fails to capture c
arXiv
VulZoo: A Comprehensive Vulnerability Intelligence Dataset
arxiv_fulltext·2024-09-24
VulZoo: A Comprehensive Vulnerability Intelligence Dataset
: A Comprehensive Vulnerability Intelligence Dataset
Bonan Ruan^ 0.2em Jiahao Liu^ 0.2em Weibo Zhao^ 0.2em Zhenkai Liang^
0.1cm^ \ National University of Singapore
0.1cm
r-bonan, jiahao99, weibo, [email protected]
Bonan Ruan, Jiahao Liu, Weibo Zhao, and Zhenkai Liang
## Abstract
Software vulnerabilities pose critical security and risk concerns for many software systems.
Many techniques have been proposed to effectively assess and prioritize these vulnerabilities before they cause serious consequences.
To evaluate their performance, these solutions often craft their own experimental datasets from limited information sources, such as MITRE CVE and NVD, lacking a global overview of broad vulnerability intelligence.
The repetitive data preparation process further complicates the ve
arXiv
Evaluation of Reinforcement Learning for Autonomous Penetration Testing using A3C, Q-learning and DQN
arxiv_fulltext·2024-07-22
Evaluation of Reinforcement Learning for Autonomous Penetration Testing using A3C, Q-learning and DQN
Evaluation of Reinforcement Learning for Autonomous Penetration Testing using A3C, Q-learning and DQN
Norman Becker
German Research Center for Artificial Intelligence (DFKI)
Kaiserslautern
Germany
[email protected]
0009-0008-5575-1393
Daniel Reti
German Research Center for Artificial Intelligence (DFKI)
Kaiserslautern
Germany
[email protected]
0000-0001-8071-6188
Evridiki V.Ntagiou
OPS-GDA, ESA-ESOC
Darmstadt
Germany
[email protected]
0000-0003-3403-2863
Marcus Wallum
OPS-GDA, ESA-ESOC
Darmstadt
Germany
[email protected]
0009-0004-3306-856X
Hans D. Schotten
Also with Department of Electrical and Computer Engineering, Technische Universität Kaiserslautern.
German Research Center for Artificial Intelligence (DFKI)
Kaiserslautern
Germany
[email protected]
http://packetstormsecurity.com/files/156137/OpenBSD-OpenSMTPD-Privilege-Escalation-Code-Execution.htmlhttp://packetstormsecurity.com/files/156145/OpenSMTPD-6.6.2-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/156249/OpenSMTPD-MAIL-FROM-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/156295/OpenSMTPD-6.6.1-Local-Privilege-Escalation.htmlhttp://packetstormsecurity.com/files/162093/OpenBSD-OpenSMTPD-6.6-Remote-Code-Execution.htmlhttp://seclists.org/fulldisclosure/2020/Jan/49http://www.openwall.com/lists/oss-security/2020/01/28/3https://github.com/openbsd/src/commit/9dcfda045474d8903224d175907bfc29761dcb45https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/https://seclists.org/bugtraq/2020/Jan/51https://usn.ubuntu.com/4268-1/https://www.debian.org/security/2020/dsa-4611https://www.kb.cert.org/vuls/id/390745https://www.openbsd.org/security.htmlhttp://packetstormsecurity.com/files/156137/OpenBSD-OpenSMTPD-Privilege-Escalation-Code-Execution.htmlhttp://packetstormsecurity.com/files/156145/OpenSMTPD-6.6.2-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/156249/OpenSMTPD-MAIL-FROM-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/156295/OpenSMTPD-6.6.1-Local-Privilege-Escalation.htmlhttp://packetstormsecurity.com/files/162093/OpenBSD-OpenSMTPD-6.6-Remote-Code-Execution.htmlhttp://seclists.org/fulldisclosure/2020/Jan/49http://www.openwall.com/lists/oss-security/2020/01/28/3https://github.com/openbsd/src/commit/9dcfda045474d8903224d175907bfc29761dcb45https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/https://seclists.org/bugtraq/2020/Jan/51https://usn.ubuntu.com/4268-1/https://www.debian.org/security/2020/dsa-4611https://www.kb.cert.org/vuls/id/390745https://www.openbsd.org/security.htmlhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-7247
2020-01-29
Published
2022-03-25
Added to CISA KEV
Exploited in the wild