RCE In OpenSMTPD Library Impacts BSD And Linux Distros (Jan 29, 2020)
A vulnerability disclosed as “CVE-2020-7247” allows threat actors to exploit OpenSMTPD for privilege escalation and remote code execution, according to Qualys researchers. OpenSMTPD is an open-source implementation of the SMTP protocol used for email transmission and is included in various Berkeley Software Distribution (BSD) and Linux distributions. Threat actors are able to exploit this vulnerability by sending malformed SMTP messages to servers that have not been patched for “CVE-2020-7247”. Since the report, OpenSMTPD developers have released patches in version 6.6.2p1, and users are advised to update their systems to prevent exploitation.
Recommendation: The security update should be applied as soon as possible to personal computers because of the high criticality rating of this vulnerability and the potential for an actor to take control of affected BSD and Linux systems. Additionally, your company should have policies in place to review and apply security updates for software in use to protect against known vulnerabilities that threat actors may exploit. The update page can be found at: https://github.com/OpenSMTPD/OpenSMTPD/releases
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.