PT-2020-1569 · Openbsd+1 · Opensmtpd+1

Published 2020-01-29 · Updated 2025-11-07 · CVE-2020-7247

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: OpenSMTPD versions 6.6

Description: The issue is in the smtp_mailaddr function in the smtp_session.c file of the OpenSMTPD mail daemon, which is used in OpenBSD and other products. It allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.

Recommendations: For OpenSMTPD version 6.6, update to version 6.6.2 to resolve the issue. As a temporary workaround, consider restricting who can reach the vulnerable smtp_mailaddr code path in smtp_session.c (that is, the SMTP service) until a patch is available. Rejecting MAIL FROM values that contain shell metacharacters at the affected SMTP service also mitigates the issue until it is resolved.
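The defect class the description names, "incorrect return value upon failure of input validation", as a constructed C model added here (not OpenSMTPD's code): a validator that rejects shell metacharacters, a caller whose fallback branch for a missing domain returns success even though validation of the user part failed, and the corrected form. The function names, the character whitelist and the local-user fallback are assumptions of this illustration.

```c
#include <ctype.h>
#include <string.h>

/* Constructed illustration, not OpenSMTPD's code: a conservative
 * character whitelist for one address part, so shell metacharacters
 * such as ';' or '|' fail validation. */
static int valid_part(const char *s, const char *extra)
{
    if (*s == '\0')
        return 0;
    for (; *s != '\0'; s++)
        if (!isalnum((unsigned char)*s) && strchr(extra, *s) == NULL)
            return 0;
    return 1;
}

/* Buggy shape of the defect class the advisory names: validation fails,
 * but the "empty domain means local user" branch returns success without
 * re-checking the user part, so an invalid user with no domain is accepted. */
int check_mailaddr_buggy(const char *user, const char *domain)
{
    if (!valid_part(user, "._-+") || !valid_part(domain, ".-")) {
        if (user[0] == '\0')
            return 0;             /* no user part: reject */
        if (domain[0] == '\0')
            return 1;             /* BUG: success despite invalid user */
        return 0;
    }
    return 1;
}

/* Fixed shape: the local-user branch succeeds only when the user part
 * itself validated; every other validation failure is a rejection. */
int check_mailaddr_fixed(const char *user, const char *domain)
{
    if (!valid_part(user, "._-+") || !valid_part(domain, ".-")) {
        if (user[0] == '\0')
            return 0;
        if (domain[0] == '\0' && valid_part(user, "._-+"))
            return 1;
        return 0;
    }
    return 1;
}
```

A regression test that feeds a user part containing a metacharacter with an empty domain to both functions makes the difference visible: the buggy form reports success, the fixed form rejects it.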

Exploit

Fix

RCE

Weakness Enumeration

Improper Handling of Exceptional Conditions

Unchecked Return Value

OS Command Injection

Related Identifiers

BDU:2020-00579
CVE-2020-7247
DSA-4611-1
USN-4268-1
USN-4875-1

Affected Products

Opensmtpd
Ubuntu