Bug lets an attacker execute arbitrary shell commands with elevated privileges
Security researchers at Qualys say they’ve identified a remotely exploitable vulnerability in OpenBSD’s mail server — utilised by a range of Linux distributions.
The important vulnerability is in OpenSMTPD, a absolutely free mail transfer agent that lets equipment exchange email messages with other devices talking the SMTP protocol.
The OpenSMTPD vulnerability, which has been exploitable given that Might 2018, allows an attacker to execute arbitrary shell commands, as root in two strategies:
- Regionally, in OpenSMTPD’s default configuration (which listens on
the loopback interface and only accepts mail from localhost)
- Remotely, in its “uncommented” default configuration (which listens on all interfaces and accepts external mail).
It is the third established of severe vulnerabilities learned in OpenBSD around the previous two months. Redwood, CA-primarily based Qualys mentioned it has examined a evidence of idea in opposition to OpenBSD six.six (the existing release) and Debian screening (Bullseye).
The organization warned that several distributions might be exploitable applying the vulnerability. It was not instantly crystal clear which distros ended up vulnerable.
Warn, Warn, Warn.
The wonderful individuals at Qualys have learned a important vulnerability in #OpenSMTPD.
Please examine this, enhance ASAP and RT so individuals get patched out as before long as possible.
We’ll create about it when things settle down.https://t.co/A4czIf1Ur1
— OpenSMTPD, Inc (@OpenSMTPD) January 28, 2020
OpenSMTPD Vulnerability, Morris Worm Inspiration
The group say they took inspiration from the 32-year-old Morris worm to exfiltrate data from the OpenSMTPD mail server applying the RCE — which allows an attacker to execute arbitrary shell commands with elevated privileges.
Animesh Jain, Solution Manager for Vulnerability Signatures at Qualys mentioned: “penBSD developers have confirmed the vulnerability and also rapidly supplied a patch. Exploitation of the vulnerability experienced some limits in conditions of nearby part length (max sixty four people is allowed) and people to be escaped (“$”, “|”).
He additional: “Qualys researchers ended up capable to conquer these limits applying a method from the Morris Worm (one of the first computer worms dispersed through the Online, and the first to achieve sizeable mainstream media consideration) by executing the system of the mail as a shell script in Sendmail.”
See also: VMware Warns Over AMD Driver Vulnerabilities