Critical OpenSMTPD Bug Allows Root Shell Access on OpenBSD
OpenBSD users are warned about a critical vulnerability in their OpenSMTPD mail server. Qualys Research Labs discovered the issue, which allows attackers to execute shell commands with root privileges.
The vulnerability, tracked as CVE-2020-7247, exists in the 'smtp_mailaddr()' function of OpenSMTPD and affects OpenBSD version 6.6. Qualys has issued QID 50097 in its Vulnerability Management product to help detect the issue.
Qualys researchers used a technique inspired by the Morris Worm to overcome exploitation limitations. Proof-of-concept exploits have been published in the security advisory. An attacker can execute arbitrary shell commands, such as 'sleep 66', with elevated privileges. The OpenBSD project has confirmed the vulnerability and provided a patch for affected users.
OpenBSD users are urged to install the patches for OpenBSD 6.6 to remediate the vulnerability. The patches are available from the OpenBSD project. Unpatched systems remain exposed to attacks that execute arbitrary shell commands with root privileges.