Skip to content
/ cve-2020-7247 Public

OpenSMTPD version 6.6.2 remote code execution exploit

4 stars 7 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

superzerosec/cve-2020-7247

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
README.md
README.md
 
 
poc1.py
poc1.py
 
 

Repository files navigation

cve-2020-7247

Exploit Title: OpenSMTPD 6.6.2 - Remote Code Execution.
The new Date: 2020-01-29.
Exploit Author: 1F98D.
Original Author: Qualys Security Advisory.
Vendor Homepage: https://www.opensmtpd.org/.
Software Link: https://github.com/OpenSMTPD/OpenSMTPD/releases/tag/6.6.1p1.
Version: OpenSMTPD < 6.6.2.
Tested on: OpenBSD 6.6, OpenBSD 6.5, OpenBSD 6.4, OpenBSD 5.9.

OpenSMTPD after commit a8e222352f and before version 6.6.2 does not adequately escape dangerous characters from user-controlled input. An attacker can exploit this to execute arbitrary shell commands on the target.

Usage

sudo apt install python3-pip
pip3 install --user pwn
python3 poc1.py LHOST LPORT RHOST RPORT

Credit

https://packetstormsecurity.com/files/156145/OpenSMTPD-6.6.2-Remote-Code-Execution.html

About

OpenSMTPD version 6.6.2 remote code execution exploit

Resources

Readme
Activity

Stars

4 stars

Watchers

2 watching

Forks

7 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages