CVE-2020-7247

CVSS Score: 9.8 CRITICAL

📋 TL;DR

CVE-2020-7247 is a critical remote code execution vulnerability in OpenSMTPD that allows unauthenticated remote attackers to execute arbitrary commands as root via specially crafted SMTP sessions. This affects OpenSMTPD 6.6 and OpenBSD 6.6 with the default configuration, enabling complete system compromise.

💻 Affected Systems

Products:
  • OpenSMTPD
  • OpenBSD
Versions: OpenSMTPD 6.6, OpenBSD 6.6
Operating Systems: OpenBSD, Linux distributions with OpenSMTPD
Default Config Vulnerable: ⚠️ Yes
Notes: Affects default 'uncommented' configuration. Other products using OpenSMTPD may also be vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover with root privileges, allowing an attacker to install persistent backdoors, exfiltrate data, or use the system as a pivot point for further attacks.

🟠 Likely Case

Remote code execution leading to data theft, service disruption, or installation of cryptocurrency-mining malware.

🟢 If Mitigated

Limited impact if proper network segmentation and least-privilege principles are in place, though still significant because the compromised code runs as root.

🌐 Internet-Facing: HIGH - SMTP servers are typically internet-facing and this vulnerability requires no authentication.
🏢 Internal Only: MEDIUM - Lower exposure but still critical if exploited internally, especially in multi-tenant environments.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Multiple public exploit scripts available. Attack requires network access to SMTP port (typically 25, 587, or 465).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: OpenSMTPD 6.6.3 or later

Vendor Advisory: https://www.openbsd.org/errata66.html

Restart Required: Yes

Instructions:

1. Update OpenSMTPD to version 6.6.3 or later.
2. For OpenBSD: use syspatch or pkg_add -u.
3. For other systems: update through the package manager or compile from source.
4. Restart the OpenSMTPD service.

🔧 Temporary Workarounds

Disable vulnerable configuration (platform: all)

Modify the OpenSMTPD configuration to avoid the vulnerable code path: edit /etc/smtpd.conf and ensure 'accept from any for any' is not present in the default configuration.

Network filtering (platform: linux)

Restrict SMTP access to trusted sources only (replace trusted_network with your own address range; repeat for any other listening ports such as 587 or 465, and make sure these rules precede any broader ACCEPT rule in the chain):

iptables -A INPUT -p tcp --dport 25 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j DROP

🧯 If You Can't Patch

  • Immediately restrict network access to SMTP service using firewall rules
  • Consider temporary service disablement if SMTP functionality is not critical

🔍 How to Verify

Check if Vulnerable:

Check the OpenSMTPD version with smtpd -n -v. If the version is 6.6 or 6.6.1, the system is vulnerable.

Check Version:

smtpd -n -v | head -1

Verify Fix Applied:

Verify that the version is 6.6.3 or later with smtpd -n -v. Test with known exploit scripts to confirm the patch is applied.

📡 Detection & Monitoring

Log Indicators:

  • Unusual MAIL FROM commands with shell metacharacters
  • Failed validation attempts in smtp_session logs
  • Unexpected process execution from smtpd

Network Indicators:

  • SMTP sessions with malformed MAIL FROM fields
  • Unusual outbound connections from SMTP server

SIEM Query:

source="smtpd.log" AND "MAIL FROM" AND ("|" OR ";" OR "`" OR "$")
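The SIEM query above is a broad string match and will also hit legitimate addresses that happen to contain these characters. The following is an added example, not part of the original advisory, that applies the same log indicator offline: it extracts the sender from logged MAIL FROM commands and reports only those containing the shell metacharacters listed above, keyed by session id for triage. The log line layout is assumed (it approximates OpenSMTPD session logging) and the sample lines are constructed, not real captures.

```python
import re

# Shell metacharacters named in the detection guidance above.
SHELL_METACHARS = set("|;`$")

# Pull the sender out of a logged MAIL FROM command. The surrounding log
# layout is an assumption, so match on the command text itself and only
# loosely on the session id that OpenSMTPD prints before "smtp".
MAIL_FROM_RE = re.compile(r"MAIL FROM:\s*<([^>]*)>", re.IGNORECASE)
SESSION_RE = re.compile(r"smtpd\[\d+\]:\s+([0-9a-f]{16})\s")


def suspicious_chars(sender: str) -> str:
    """Return the metacharacters present in a sender, in order of first appearance."""
    return "".join(sorted(set(sender) & SHELL_METACHARS, key=sender.index))


def scan_mail_from(lines):
    """Return (session_id, sender, chars) for every logged MAIL FROM command
    whose sender contains shell metacharacters. Lines that carry no
    MAIL FROM command (connects, delivered messages) are skipped."""
    hits = []
    for line in lines:
        m = MAIL_FROM_RE.search(line)
        if not m:
            continue
        sender = m.group(1)
        chars = suspicious_chars(sender)
        if chars:
            s = SESSION_RE.search(line)
            hits.append((s.group(1) if s else "?", sender, chars))
    return hits


# Constructed sample log lines (not real captures); the format approximates
# OpenSMTPD's session logging. Two senders carry metacharacters, one is clean.
SAMPLE_LOG = """\
Jan 28 17:55:01 mx1 smtpd[4120]: 7c1f2d9e3a5b4c8d smtp connected address=198.51.100.23 host=<unknown>
Jan 28 17:55:02 mx1 smtpd[4120]: 7c1f2d9e3a5b4c8d smtp failed-command command="MAIL FROM:<report|daily@example.org>" result="553 5.1.7 Sender address syntax error"
Jan 28 17:56:10 mx1 smtpd[4120]: 9e8d7c6b5a4f3e2d smtp connected address=203.0.113.9 host=mail.example.net
Jan 28 17:56:11 mx1 smtpd[4120]: 9e8d7c6b5a4f3e2d smtp message from=<bob@example.net> to=<carol@example.com> size=1024
Jan 28 17:57:30 mx1 smtpd[4120]: 1a2b3c4d5e6f7a8b smtp failed-command command="MAIL FROM:<deploy;ops@example.org>" result="553 5.1.7 Sender address syntax error"
"""

if __name__ == "__main__":
    for session, sender, chars in scan_mail_from(SAMPLE_LOG.splitlines()):
        print(f"session={session} sender={sender!r} metachars={chars!r}")
```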
