| Título | LPE and RCE in OpenSMTPD |
|---|
| Descripción | We discovered a vulnerability in OpenSMTPD, OpenBSD's mail server. This vulnerability is exploitable since May 2018 (commit a8e222352f, "switch smtpd to new grammar") and allows an attacker to execute arbitrary shell commands, as root:
- either locally, in OpenSMTPD's default configuration (which listens on the loopback interface and only accepts mail from localhost);
- or locally and remotely, in OpenSMTPD's "uncommented" default configuration (which listens on all interfaces and accepts external mail).
CVE-2020-7247
Proof of Concept Exploit available |
|---|
| Fuente | ⚠️ https://www.openwall.com/lists/oss-security/2020/01/28/3 |
|---|
| Usuario | misc (UID 3) |
|---|
| Sumisión | 2020-01-29 09:43 (hace 6 años) |
|---|
| Moderación | 2020-08-10 10:38 (6 months later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 149547 [OpenSMTPD 6.6 SMTP Session smtp_session.c MAIL FROM escalada de privilegios] |
|---|
| Puntos | 19 |
|---|