View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
January 29, 2020

Critical Bug Fix: OpenBSD Vulnerability Needs Urgent Patching – RCE With Morris Worm Inspiration

Bug lets an attacker execute arbitrary shell commands with elevated privileges

By CBR Staff Writer

Security researchers at Qualys say they’ve identified a remotely exploitable vulnerability in OpenBSD’s mail server — used by a range of Linux distributions.

The critical vulnerability is in OpenSMTPD, a free mail transfer agent that lets machines exchange emails with other systems speaking the SMTP protocol.

The OpenSMTPD vulnerability, which has been exploitable since May 2018, allows an attacker to execute arbitrary shell commands, as root in two ways:

  • Locally, in OpenSMTPD’s default configuration (which listens on
    the loopback interface and only accepts mail from localhost);
  • Remotely, in its “uncommented” default configuration (which listens on all interfaces and accepts external mail).

It is the third set of serious vulnerabilities discovered in OpenBSD over the past two months. Redwood, CA-based Qualys said it has tested a proof of concept against OpenBSD 6.6 (the current release) and Debian testing (Bullseye).

The company warned that various distributions may be exploitable using the vulnerability. It was not immediately clear which distros were vulnerable.

OpenSMTPD Vulnerability, Morris Worm Inspiration

The team say they took inspiration from the 32-year-old Morris worm to exfiltrate data from the OpenSMTPD mail server using the RCE — which allows an attacker to execute arbitrary shell commands with elevated privileges. 

Animesh Jain, Product Manager for Vulnerability Signatures at Qualys said: “penBSD developers have confirmed the vulnerability and also quickly provided a patch. Exploitation of the vulnerability had some limitations in terms of local part length (max 64 characters is allowed) and characters to be escaped (“$”, “|”).

He added: “Qualys researchers were able to overcome these limitations using a technique from the Morris Worm (one of the first computer worms distributed via the Internet, and the first to gain significant mainstream media attention) by executing the body of the mail as a shell script in Sendmail.”

See also: VMware Warns Over AMD Driver Vulnerabilities



Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy