CVE-2020-7247

Severity: Critical
Remote: Yes
Type: Arbitrary command execution
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
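| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1090 | opensmtpd | 6.6.1p1-1 | 6.6.2p1-1 | Critical | Fixed | |

| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 29 Jan 2020 | ASA-202001-6 | AVG-1090 | opensmtpd | Critical | arbitrary command execution |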