Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2020-7247

Description

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.

POC

Reference

- http://packetstormsecurity.com/files/156137/OpenBSD-OpenSMTPD-Privilege-Escalation-Code-Execution.html

- http://packetstormsecurity.com/files/156145/OpenSMTPD-6.6.2-Remote-Code-Execution.html

- http://packetstormsecurity.com/files/156249/OpenSMTPD-MAIL-FROM-Remote-Code-Execution.html

- http://packetstormsecurity.com/files/156295/OpenSMTPD-6.6.1-Local-Privilege-Escalation.html

- http://packetstormsecurity.com/files/162093/OpenBSD-OpenSMTPD-6.6-Remote-Code-Execution.html

- http://seclists.org/fulldisclosure/2020/Jan/49

- http://www.openwall.com/lists/oss-security/2020/01/28/3

Github

- https://github.com/0xT11/CVE-POC

- https://github.com/0xdea/exploits

- https://github.com/20142995/nuclei-templates

- https://github.com/ARPSyndicate/cvemon

- https://github.com/ARPSyndicate/kenzer-templates

- https://github.com/DarkRelay-Security-Labs/vulnlab_aws

- https://github.com/Elsfa7-110/kenzer-templates

- https://github.com/FiroSolutions/cve-2020-7247-exploit

- https://github.com/G01d3nW01f/SMTPython

- https://github.com/HimmelAward/Goby_POC

- https://github.com/KhushiV099/Project_Ubuntu

- https://github.com/Ki11i0n4ir3/SMTPython

- https://github.com/Mr-Tree-S/POC_EXP

- https://github.com/NyxAzrael/Goby_POC

- https://github.com/Ostorlab/KEV

- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

- https://github.com/QTranspose/CVE-2020-7247-exploit

- https://github.com/SimonSchoeni/CVE-2020-7247-POC

- https://github.com/SrMeirins/HackingVault

- https://github.com/Threekiii/Awesome-Exploit

- https://github.com/Threekiii/Awesome-POC

- https://github.com/Threekiii/Vulhub-Reproduce

- https://github.com/XiaomingX/awesome-poc-for-red-team

- https://github.com/Z0fhack/Goby_POC

- https://github.com/anoaghost/Localroot_Compile

- https://github.com/anquanscan/sec-tools

- https://github.com/bakery312/Vulhub-Reproduce

- https://github.com/bcoles/local-exploits

- https://github.com/bytescrappers/CVE-2020-7247

- https://github.com/developer3000S/PoC-in-GitHub

- https://github.com/doanhnn/HTB-Tentacle

- https://github.com/f4T1H21/CVE-2020-7247

- https://github.com/f4T1H21/HackTheBox-Writeups

- https://github.com/g1san/Agents-for-Vulnerable-Dockers-and-related-Benchmarks

- https://github.com/gatariee/CVE-2020-7247

- https://github.com/hectorgie/PoC-in-GitHub

- https://github.com/hwiwonl/dayone

- https://github.com/killvxk/Awesome-Exploit

- https://github.com/minhluannguyen/CVE-2020-7247-reproducer

- https://github.com/n0-traces/cve_monitor

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/plzheheplztrying/cve_monitor

- https://github.com/presentdaypresenttime/shai_hulud

- https://github.com/r0lh/CVE-2020-7247

- https://github.com/soosmile/POC

- https://github.com/superzerosec/cve-2020-7247

- https://github.com/superzerosec/poc-exploit-index