Really great article.
Was very fun to read.
And again thanks for your work on osmtpd, am actually sending from a
server set up from your poolp post :D
Sucks about the bug, but logic errors are the wurst.
Take care.
---
Aisha
blog.aisha.cc
On 2020-01-31 13:48, gilles@poolp.org wrote:
> January 30, 2020 4:44 PM, gilles@poolp.org wrote:
>
>> It depends on your configuration, not all setups are vulnerable.
>>
>> I think I recall your name from the comments on my tutorial and this
>> is a
>> setup that would not be vulnerable for example. The bug still exists,
>> but
>> it can't be used to exploit the same code path.
>>
>> You should update, this is not something you want to rely on.
>>
>> I'm writing a _very_ detailed post-mortem which will go into the
>> details,
>> I just want to give it a few days to make sure it is as informative as
>> it
>> should.
>>
>
>
> As promised, I have written a (too much ?) detailed write-up about the
> recent event:
>
> https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/
>
> Hope it clarifies what happened and plans for the future.
>
> Gilles
No comments:
Post a Comment