CVE-2020-8794
CVE-2020-8794
Vexday Risk Score
60Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
Madurez del exploit
Exploit funcional
Exploit automatizable disponible (Nuclei/Metasploit).
CVSS —EPSS 88.9%KEV nãoPoC públicaNuclei —Metasploit simPatch referenciado
Ciclo de vida
24 feb 2020Exploit Metasploit disponible
25 feb 2020Publicada en NVD
26 feb 2020PoC pública
Velocidad de armamento
el mismo díahasta el primer PoC
Armada rápidamente — los atacantes priorizaron esta vulnerabilidad. Corrige con urgencia.
Recomendación: Planificar corrección próxima — ya existe PoC pública.
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.
Productos afectados
n/a · n/aPoCs públicas encontradas — 3
cve_referencepacketstormsecurity.com/files/156633/OpenSMTPD-Out-Of-Bounds-Read-Local-Privilege-Escalation.htmlno verificadoexploitdbwww.exploit-db.com/exploits/48185no verificadoexploitdbwww.exploit-db.com/exploits/48140no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
Referencias
http://packetstormsecurity.com/files/156633/OpenSMTPD-Out-Of-Bounds-Read-Local-Privilege-Escalation.htmlhttp://seclists.org/fulldisclosure/2020/Feb/32https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OPH4QU4DNVHA7ACFXMYFCEP5PSXXPN4E/https://usn.ubuntu.com/4294-1/https://www.debian.org/security/2020/dsa-4634https://www.openbsd.org/security.htmlhttps://www.openwall.com/lists/oss-security/2020/02/24/5http://www.openwall.com/lists/oss-security/2020/02/26/1http://www.openwall.com/lists/oss-security/2020/03/01/1http://www.openwall.com/lists/oss-security/2020/03/01/2http://www.openwall.com/lists/oss-security/2021/05/04/7