Wednesday, April 08, 2020

Re: secure MTA (was: news from ...)

Claus Assmann <ca+OpenBSD_misc@esmtp.org> writes:

> On Wed, Apr 08, 2020, Kevin Chadwick wrote:
>
>> OpenSMTPD does not listen to the internet, by default and even if you do set it
>
> From: Qualys Security Advisory <qsa@qualys.com>
> To: oss-security@lists.openwall.com
> Message-ID: <20200224184538.GF17396@localhost.localdomain>
>
> - Client-side exploitation: This vulnerability is remotely exploitable
> in OpenSMTPD's (and hence OpenBSD's) default configuration. Although
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

My (default) smtpd.conf says:

listen on lo0

So how might that be remotely exploitable?

Allan
