On 2020-04-08 18:39, Claus Assmann wrote:
> - Client-side exploitation: This vulnerability is remotely exploitable
> in OpenSMTPD's (and hence OpenBSD's) default configuration. Although
You missed some out. I assume on purpose.
Client-side exploitation: This vulnerability is remotely exploitable
in OpenSMTPD's (and hence OpenBSD's) default configuration. Although
OpenSMTPD listens on localhost only, by default, it does accept mail
from local users and delivers it to remote servers. If such a remote
server is controlled by an attacker (either because it is malicious or
compromised, or because of a man-in-the-middle, DNS, or BGP attack --
SMTP is not TLS-encrypted by default), then the attacker can execute
arbitrary shell commands on the vulnerable OpenSMTPD installation.
So it does require internal users to make an action and a MITM or outbound
connection to an attacker controlled server and not an incoming connection...
Qualsys chose to call that remote, at a stretch. Either way, it does not change
the point around "everything is hackable" being false. I never brought up smtpd
and never said smtpd was unhackable!
No comments:
Post a Comment