SB2020041310 - Fedora EPEL 7 update for libasr, opensmtpd
Published: April 13, 2020 Updated: April 25, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) OS Command Injection (CVE-ID: CVE-2020-7247)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper validation of user-supplied input passed within the smtp_mailaddr() function. A remote unauthenticated attacker can send a specially crafted MAIL FROM command and execute arbitrary OS commands on the target system with root privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Out-of-bounds read (CVE-ID: CVE-2020-8794)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in mta_io() function in mta_session.c for multi-line replies during mail delivery. A remote attacker can use a mail server to send specially crafted replies, trigger out-of-bounds read error and read contents of memory on the system.
3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-8793)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the application does not drop privileges when executing the "/usr/sbin/smtpctl" application with a "-bi" command-line argument. A local user can leverage this behavior and use a specially crafted hardlink to execute arbitrary code on the system with elevated privileges.
Remediation
Install update from vendor's website.