Target from: CVE Network

Intermediate, Rootable

CVE-2020-7247 / 0.0.0.0

4: Flags (2:system, env, root)
1: Service
3,600 pts

20%

Level 7 / Senior Securitas

Praise / 265th Place

0: Flags found
1: Service discovered
100 pts

This is a target running a vulnerable OpenSMTPD instance of CVE-2020-7247.

Description

A vulnerability discovered in OpenSMTPD, OpenBSD's mail server was exploitable since May 2018 (commit a8e222352f, "switch smtpd to new grammar") and allows an attacker to execute arbitrary shell commands, as root

Environment details

The system is accessible at 10.0.100.33 and runs OpenSMTPD on Debian Buster on the default port (25/tcp).

Flags can be found at the usual places:

  • /root
  • /etc/passwd gecos
  • /etc/shadow password hash
  • env variable

References

Activity Stream

Latest activity on the platform

Praise Connected to the smtp port of CVE-2020-7247 for 100 points, 25 days ago