CVE-2020-7247CISA KEV: Actively Exploited

OpenSMTPD Remote Code Execution Vulnerability

Published Mar 25, 2022·Updated Mar 25, 2022

Description

smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session.

Public Exploits & PoCs11 found

PoC: cve-2020-7247-exploit

Python exploit of cve-2020-7247

25

PoC: CVE-2020-7247-exploit

OpenSMTPD 6.4.0 - 6.6.1 Remote Code Execution PoC exploit

7

PoC: CVE-2020-7247

Proof Of Concept Exploit for CVE-2020-7247 (Remote Execution on OpenSMTPD < 6.6.2

4

PoC: cve-2020-7247

OpenSMTPD version 6.6.2 remote code execution exploit

4

PoC: CVE-2020-7247

Initial POC for CVE-2020-7247

2

PoC: CVE-2020-7247

This vulnerability exists in OpenBSD’s mail server OpenSMTPD’s “smtp_mailaddr()” function, and affects OpenBSD version 6.6. This allows an attacker to execute arbitrary shell commands like “sleep 66” as root user

2

PoC: shai_hulud

Worm written in python, abuses CVE-2020-7247

1

PoC: CVE-2020-7247-POC

Proof of concept for CVE-2020-7247 for educational purposes.

1

PoC: CVE-2020-7247

PoC exploit for CVE-2020-7247 OpenSMTPD 6.4.0 < 6.6.1 Remote Code Execution

1

PoC: OpenSMTPD-6.6.1---Remote-Code-Execution---Linux-remote-Exploit

EDB-ID: 47984 CVE: 2020-7247 EDB Verified: Author: 1F98D Type: REMOTE Exploit: / Platform: LINUX Date: 2020-01-30 Vulnerable App: # Exploit Title: OpenSMTPD 6.6.1 - Remote Code Execution # Date: 2020-01-29 # Exploit Author: 1F98D # Original Author: Qualys Security Advisory # Vendor Homepage: https://www.opensmtpd.org/ # Software Link: https://github.com/OpenSMTPD/OpenSMTPD/releases/tag/6.6.1p1 # Version: OpenSMTPD < 6.6.2 # Tested on: Debian 9.11 (x64) # CVE: CVE-2020-7247 # References: # https:

PoC: CVE-2020-7247

This vulnerability exists in OpenBSD’s mail server OpenSMTPD’s “smtp_mailaddr()” function, and affects OpenBSD version 6.6. This allows an attacker to execute arbitrary shell commands like “sleep 66” as root user

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free