CVE-2017-5930
LOW | EXPLOITED
Opensuse Leap < 3.0.2 - Missing Authorization
Exploitation Summary
CVE-2017-5930 has been observed exploited in the wild (reported by VulnCheck KEV).
EIP tracks 1 public exploit (researchers include Jan-Frederik Rieckers): a Metasploit module, auxiliary/admin/http/pfadmin_set_protected_alias.
AI-analyzed exploit summary: This Metasploit module exploits a vulnerability in Postfixadmin (CVE-2017-5930) where protected aliases can be deleted and recreated to redirect emails. It authenticates as an admin, deletes the target alias, and recreates it with a new destination.
Description
The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, due to a missing permission check.
Exploits (1)
References (7)
Scores
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N