OpenSMTPD Vulnerability List
3 vulnerabilities related to OpenSMTPD were found
CVE-2020-7247: OpenSMTPD 6.4.0-6.6.1 - Remote Code Execution POC
OpenSMTPD versions 6.4.0 - 6.6.1 are susceptible to remote code execution. smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
CVE-2020-7247: OpenSMTPD 6.4.0-6.6.1 - Remote Code Execution POC
OpenSMTPD versions 6.4.0 - 6.6.1 are susceptible to remote code execution. smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
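OpenSMTPD < 6.6.2 Remote Code Execution Vulnerability No POC
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.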