{"id":"USN-4875-1","summary":"opensmtpd vulnerabilities","details":"It was discovered that OpenSMTPD incorrectly verified the sender's or\nreceiver's e-mail addresses under certain conditions. An attacker could\npossibly use this vulnerability to execute arbitrary commands as root.\n(CVE-2020-7247)\n\nIt was discovered that OpenSMTPD did not properly handle hardlinks under\ncertain conditions. An unprivileged local attacker could possibly use this\nissue to obtain sensitive information. This issue only affected Ubuntu\n16.04 ESM. (CVE-2020-8793)\n\nIt was discovered that OpenSMTPD mishandled certain input. A remote,\nunauthenticated attacker could possibly use this vulnerability to execute\narbitrary shell commands as any non-root user. This issue only affected\nUbuntu 16.04 ESM. (CVE-2020-8794)\n","modified":"2026-04-27T16:03:36.532386918Z","published":"2021-03-15T23:06:41Z","related":["UBUNTU-CVE-2020-7247","UBUNTU-CVE-2020-8793","UBUNTU-CVE-2020-8794"],"upstream":["CVE-2020-7247","CVE-2020-8793","CVE-2020-8794","UBUNTU-CVE-2020-7247","UBUNTU-CVE-2020-8793","UBUNTU-CVE-2020-8794"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4875-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-7247"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-8793"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-8794"}],"affected":[{"package":{"name":"opensmtpd","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/opensmtpd@5.4.1p1-1ubuntu0.1~esm1?arch=source&distro=trusty/esm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.1p1-1ubuntu0.1~esm1"}]}],"versions":["5.3.3p1-4","5.4.1p1-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_version":"5.4.1p1-1ubuntu0.1~esm1","binary_name":"opensmtpd"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4875-1.json","cves_map":{"cves":[{"id":"CVE-2020-7247","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:14.04:LTS"}}},{"package":{"name":"opensmtpd","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/opensmtpd@5.7.3p2-1ubuntu0.1~esm2?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.7.3p2-1ubuntu0.1~esm2"}]}],"versions":["5.4.2p1-4","5.7.3p1-1","5.7.3p2-1","5.7.3p2-1ubuntu0.1~esm1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"5.7.3p2-1ubuntu0.1~esm2","binary_name":"opensmtpd"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4875-1.json","cves_map":{"cves":[{"id":"CVE-2020-8793","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2020-8794","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:16.04:LTS"}}}],"schema_version":"1.7.5"}