Add CVE-2020-7247

tardc 2020-06-10 14:10:30 +08:00
parent 9445ea5500
commit fdecfa2782


@ -0,0 +1,10 @@
# CVE-2020-7247 OpenSMTPD Remote Code Execution Vulnerability
`smtp_mailaddr` in `smtp_session.c` in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
**[FOFA](https://fofa.so/result?qbase64=YmFubmVyPSJvcGVuc210cGQiICYmIHByb3RvY29sPT0ic210cCI%3D) query rule**: banner="opensmtpd" && protocol=="smtp"
# Demo
![](CVE-2020-7247.gif)
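
Review bot: the new README ends after the description and the FOFA query rule, with no remediation, reference or detection section, so a reader learns how to locate exposed OpenSMTPD banners but not how to confirm exposure on their own host or fix it. Following the description paragraph, add a short section that links the vendor advisory, names the fixed release, and tells operators what to check in their mail logs (a MAIL FROM address containing shell metacharacters, as the description states). Two smaller points: `# Demo` is a second top-level heading and would sit better as `## Demo` under the title, and `![](CVE-2020-7247.gif)` has empty alt text, so add a one-line description of what the recording shows.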