ExtraHop Logo
Try ExtraHop
Menu iconX icon
  • Platformchevron right
  • Solutionschevron right
  • Modern NDRchevron right
  • Resourceschevron right
  • Companychevron right
User iconSign In
Contact Us

DETECTION OVERVIEW

OpenSMTPD Exploit - CVE-2020-7247

Risk Factors

This vulnerability is well known and SMTP servers are often exposed to the internet. An attacker can gain control of the mail server and perform additional attacks, such as denial-of-service (DoS), permanent data loss, privilege escalation, or lateral movement attacks on the network.

Kill Chain

Exploitation

Risk Score

94

Next in Exploitation: Oracle WebLogic Administration Console Exploit Attempt - [Multiple CVEs]

Attack Background

OpenSMTPD is an open-source mail transfer agent (MTA) that runs on Unix servers. The OpenSMTPD smtp_mailaddr() function has a vulnerability in how it validates sender and recipient mail addresses. The attacker sends a malformed SMTP message with the MAIL FROM or RCPT TO fields containing a blank domain and a malicious command instead of a valid local address. The server fills in the blank domain with a default value and passes the local address contents to the server without validation, allowing the command to run with the privileges of the daemon, which often runs as root.

Mitigation Options

Update OpenSMTPD to version 6.6.2 or later

MITRE ATT&CK ID

What else can RevealX do for you?

View our Periodic Table of use casesArrow pointing right