OpenSMTPD MAIL FROM command injection

Added: 02/10/2020
CVE: CVE-2020-7247

Background

OpenSMTPD is a free SMTP implementation. It comes with the OpenBSD operating system but is also available for other platforms.

Problem

The smtp_mailaddr function does not properly sanitize user input, allowing remote attackers to inject arbitrary commands into the MAIL FROM header.

Resolution

Upgrade to OpenSMTPD 6.6.2p1 or higher.

References

https://www.kb.cert.org/vuls/id/390745/

Limitations

Exploit works with OpenSMTPD 6.6.0.
Back to exploit index