Cybersecurity researchers have discovered a new critical vulnerability (CVE-2020-7247) in the OpenSMTPD email server that could allow remote attackers to take complete control over BSD and many Linux based servers.
OpenSMTPD is an open-source implementation of the server-side SMTP protocol that was initially developed as part of the OpenBSD project but now comes pre-installed on many UNIX-based systems.
According to Qualys Research Labs, who discovered this vulnerability, the issue resides in the OpenSMTPD’s sender address validation function, called smtp_mailaddr(), which can be exploited to execute arbitrary shell commands with elevated root privileges on a vulnerable server just by sending specially crafted SMTP messages to it.
The flaw affects OpenBSD version 6.6 and works against the default configuration for both, the locally enabled interface as well as remotely if the daemon has been enabled to listen on all interfaces and accepts external mail.
“Exploitation of the vulnerability had some limitations in terms of local part length (max 64 characters is allowed) and characters to be escaped (‘$’, ‘|’),” the researchers said in an advisory.
“Qualys researchers were able…