Security researchers have discovered a new critical vulnerability in the OpenSMTPD mail server. A remote attacker could exploit it to execute shell commands as root on the underlying operating system. OpenSMTPD ships with many Unix-based operating systems, including FreeBSD, NetBSD, macOS and Linux distributions (Alpine, Arch, Debian, Fedora, CentOS). According to Qualys researchers, the bug has existed since late 2015. The remote code execution flaw, tracked as CVE-2020-8794, affects the default installation of OpenSMTPD. A proof-of-concept (PoC) exploit has also been created and is scheduled for release on February 26.
The PoC is ready for release. There are two exploitation scenarios. Client-side: the flaw can be exploited remotely when OpenSMTPD runs in its default configuration, in which the installation accepts mail from local users and delivers it to remote servers.
Server-side: exploitation is possible when the attacker connects to the OpenSMTPD server and sends an email that triggers a bounce message. When OpenSMTPD reconnects to deliver the bounce, the attacker can exploit the client-side vulnerability.
Qualys successfully tested its PoC on the current OpenBSD 6.6, OpenBSD 5.9, Debian 10, Debian 11 and Fedora 31. System administrators are urged to apply the latest patches.
The fix is included in OpenSMTPD 6.6.4p1, which the developers recommend installing as soon as possible. On OpenBSD, binary patches are available: run the syspatch command and confirm that OpenSMTPD was restarted.
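As an added example for the remediation step above (not code from the article, Qualys, or the OpenSMTPD project), the following POSIX shell script checks the two things an administrator wants to confirm after patching: that the installed OpenSMTPD version is at or above 6.6.4p1, and that the running daemon was started after its binary was last modified, which is what confirming the restart amounts to. The `smtpd -h` version banner, the procps `ps -o etimes=` and GNU `stat -c %Y` forms, and the `pgrep` call are assumptions about the host tooling; the version comparison itself needs only sed and cut.

```shell
#!/bin/sh
# Added example, not code from the article or the OpenSMTPD project.
# Checks (1) that the installed OpenSMTPD is at or above the fixed release
# 6.6.4p1 named in the article and (2) that the running daemon started after
# its binary was last modified, i.e. it was really restarted after patching.
# Assumptions (labelled): "smtpd -h" prints a "version: OpenSMTPD X" line;
# procps "ps -o etimes=" and GNU "stat -c %Y" are available (on OpenBSD use
# "stat -f %m" and "ps -o etime" instead).

FIXED_VERSION="6.6.4p1"   # fixed release named in the article

# strip_portable_suffix VERSION -> VERSION without a trailing "pN" portable tag
strip_portable_suffix() {
    printf '%s\n' "$1" | sed 's/p[0-9]*$//'
}

# version_field VERSION N -> Nth dotted field of VERSION, or 0 if absent
version_field() {
    f=$(printf '%s\n' "$1" | cut -d. -f"$2")
    printf '%s\n' "${f:-0}"
}

# version_ge A B -> prints "yes" if dotted version A >= B, else "no"
# (".0.0" is appended so short versions like "6.6" pad to three fields)
version_ge() {
    a="$(strip_portable_suffix "$1").0.0"
    b="$(strip_portable_suffix "$2").0.0"
    i=1
    while [ "$i" -le 3 ]; do
        fa=$(version_field "$a" "$i")
        fb=$(version_field "$b" "$i")
        if [ "$fa" -gt "$fb" ]; then printf 'yes\n'; return 0; fi
        if [ "$fa" -lt "$fb" ]; then printf 'no\n'; return 0; fi
        i=$((i + 1))
    done
    printf 'yes\n'
}

# opensmtpd_is_fixed VERSION -> "yes" if VERSION is at or above FIXED_VERSION
opensmtpd_is_fixed() {
    version_ge "$1" "$FIXED_VERSION"
}

# opensmtpd_version_from_banner TEXT -> version token following "OpenSMTPD"
# (assumes the "version: OpenSMTPD 6.6.4p1" style line printed by "smtpd -h")
opensmtpd_version_from_banner() {
    printf '%s\n' "$1" \
        | sed -n 's/.*OpenSMTPD \([0-9][0-9.]*p\{0,1\}[0-9]*\).*/\1/p' \
        | head -n 1
}

# restarted_after_update ELAPSED_SECS BINARY_MTIME_EPOCH NOW_EPOCH -> "yes" if
# the process start time (now - elapsed) is after the binary's modification
# time, meaning the daemon in memory is the patched one
restarted_after_update() {
    start=$(( $3 - $1 ))
    if [ "$start" -ge "$2" ]; then printf 'yes\n'; else printf 'no\n'; fi
}

# check_host: run both checks on this machine (host-tooling assumptions above)
check_host() {
    banner=$(smtpd -h 2>&1)
    ver=$(opensmtpd_version_from_banner "$banner")
    printf 'installed: %s  patched: %s\n' \
        "${ver:-unknown}" "$(opensmtpd_is_fixed "${ver:-0}")"
    pid=$(pgrep -o -x smtpd) || { printf 'smtpd not running\n'; return 0; }
    elapsed=$(ps -o etimes= -p "$pid" | tr -d ' ')
    mtime=$(stat -c %Y "$(command -v smtpd)")
    printf 'restarted after binary update: %s\n' \
        "$(restarted_after_update "$elapsed" "$mtime" "$(date +%s)")"
}

# Usage: sh check_opensmtpd.sh check
case "${1:-}" in check) check_host ;; esac
```

The version check deliberately ignores the `pN` suffix, since the article identifies the fix by the 6.6.4 release line; the restart check matters because a package upgrade that leaves the old daemon running still exposes the vulnerable code.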