oss-sec mailing list archives
Re: CVE requests: Critical vulnerabilities in OpenSMTPD
From: Gilles Chehade <gilles () poolp org>
Date: Fri, 2 Oct 2015 16:19:15 +0200
On Fri, Oct 02, 2015 at 03:29:31PM +0200, Jason A. Donenfeld wrote:
I haven't looked at these commits yet but: If a local user sends a message to a remote address, does this outgoing connection open up this remote vulnerability vector?
It would still require a local user to do it and it would still only affect an unprivileged process. -- Gilles Chehade https://www.poolp.org @poolpOrg
Current thread:
- CVE requests: Critical vulnerabilities in OpenSMTPD Jason A. Donenfeld (Oct 02)
- Re: CVE requests: Critical vulnerabilities in OpenSMTPD Arrigo Triulzi (Oct 02)
- Re: CVE requests: Critical vulnerabilities in OpenSMTPD Jason A. Donenfeld (Oct 02)
- Re: CVE requests: Critical vulnerabilities in OpenSMTPD Gilles Chehade (Oct 02)
- Re: CVE requests: Critical vulnerabilities in OpenSMTPD Jason A. Donenfeld (Oct 02)
- Re: CVE requests: Critical vulnerabilities in OpenSMTPD Gilles Chehade (Oct 02)
- Re: CVE requests: Critical vulnerabilities in OpenSMTPD Arrigo Triulzi (Oct 02)