CVE-2020-8794
OpenSMTPD OOB Read Local Privilege Escalation
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
7
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.
OpenSMTPD versiones anteriores a 6.6.4, permite una ejecución de código remota debido a una lectura fuera de límites en la función mta_io en el archivo mta_session.c para respuestas multilínea. Aunque esta vulnerabilidad afecta al lado del cliente de OpenSMTPD, es posible atacar a un servidor porque el código del servidor inicia el código del cliente durante el manejo de saltos.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-02-07 CVE Reserved
- 2020-02-24 First Exploit
- 2020-02-25 CVE Published
- 2024-08-04 CVE Updated
- 2024-09-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (15)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2020/Feb/32 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2020/03/01/1 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2020/03/01/2 | Mailing List |
|
| https://www.openbsd.org/security.html | Third Party Advisory | |
| https://seclists.org/oss-sec/2020/q1/96 |
|
| URL | Date | SRC |
|---|---|---|
| https://usn.ubuntu.com/4294-1 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Opensmtpd Search vendor "Opensmtpd" | Opensmtpd Search vendor "Opensmtpd" for product "Opensmtpd" | < 6.6.4 Search vendor "Opensmtpd" for product "Opensmtpd" and version " < 6.6.4" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 19.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.10" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 31 Search vendor "Fedoraproject" for product "Fedora" and version "31" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 32 Search vendor "Fedoraproject" for product "Fedora" and version "32" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||