← volver
CVE-2020-7247

CVE-2020-7247

CVSS 9.8 CRITICALEPSS 99.0%● KEVCWE-755
En resumen

OpenSMTPD 6.6 permite que atacantes remotos ejecuten comandos arbitrarios como root a través de una sesión SMTP manipulada, usando metacaracteres de shell en el campo MAIL FROM. Esta es una vulnerabilidad crítica que afecta la configuración predeterminada y puede comprometer completamente el sistema.

Detalle técnico

Una falla en la validación de entrada de la función smtp_mailaddr en smtp_session.c causa un retorno incorrecto, permitiendo que atacantes remotos no autenticados inyecten metacaracteres de shell mediante el comando MAIL FROM. La vulnerabilidad permite ejecución de comandos arbitrarios con privilegios root en sistemas OpenBSD 6.6 afectados ejecutando OpenSMTPD 6.6 con configuración predeterminada.

Resumen generado y traducido por IA a partir de la descripción oficial.
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
n/a · n/a
PoCs públicas encontradas17
githubgithub.com/FiroSolutions/cve-2020-7247-exploit25githubgithub.com/QTranspose/CVE-2020-7247-exploit11githubgithub.com/r0lh/CVE-2020-72475githubgithub.com/superzerosec/cve-2020-72474githubgithub.com/presentdaypresenttime/shai_hulud2githubgithub.com/f4T1H21/CVE-2020-72472githubgithub.com/SimonSchoeni/CVE-2020-7247-POC2githubgithub.com/minhluannguyen/CVE-2020-7247-reproducer1githubgithub.com/bytescrappers/CVE-2020-72470exploitdbwww.exploit-db.com/exploits/48051no verificadocve_referencepacketstormsecurity.com/files/156145/OpenSMTPD-6.6.2-Remote-Code-Execution.htmlno verificadocve_referencepacketstormsecurity.com/files/156249/OpenSMTPD-MAIL-FROM-Remote-Code-Execution.htmlno verificadocve_referencepacketstormsecurity.com/files/156295/OpenSMTPD-6.6.1-Local-Privilege-Escalation.htmlno verificadocve_referencepacketstormsecurity.com/files/162093/OpenBSD-OpenSMTPD-6.6-Remote-Code-Execution.htmlno verificadoexploitdbwww.exploit-db.com/exploits/48038no verificadoexploitdbwww.exploit-db.com/exploits/47984no verificadocve_referencepacketstormsecurity.com/files/156137/OpenBSD-OpenSMTPD-Privilege-Escalation-Code-Execution.htmlno verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://packetstormsecurity.com/files/156137/OpenBSD-OpenSMTPD-Privilege-Escalation-Code-Execution.htmlhttp://packetstormsecurity.com/files/156145/OpenSMTPD-6.6.2-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/156249/OpenSMTPD-MAIL-FROM-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/156295/OpenSMTPD-6.6.1-Local-Privilege-Escalation.htmlhttp://packetstormsecurity.com/files/162093/OpenBSD-OpenSMTPD-6.6-Remote-Code-Execution.htmlhttp://seclists.org/fulldisclosure/2020/Jan/49https://github.com/openbsd/src/commit/9dcfda045474d8903224d175907bfc29761dcb45https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/https://seclists.org/bugtraq/2020/Jan/51https://usn.ubuntu.com/4268-1/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-7247https://www.debian.org/security/2020/dsa-4611