|
|
@window | |||||
|
“To overcome these limitations, we drew inspiration from the Morris worm... which exploited the DEBUG vulnerability in Sendmail by executing the body of a mail as a
shell script”
oss-security - LPE and RCE in OpenSMTPD (CVE-2020-7247)
openwall.com/lists/oss-secu…
|
||||||
|
||||||
|
|
Window Snyder
@window
|
29. sij |
|
HT @qualys security team for the 90s style lolz.
|
||
|
|
||
|
Elias Ladopoulos
@acidphreak
|
30. sij |
|
This vector never gets stale, no matter how many times it gets reused. A classic.
|
||
|
|
||
|
Steven Bellovin
@SteveBellovin
|
29. sij |
|
Cool bug! And why on earth did OpenBSD invoke a shell?
|
||
|
|
||
|
raptor
@0xdea
|
29. sij |
|
If you ask me, we already have a @PwnieAwards winner for 2020
|
||
|
|
||
|
Wendy M. Grossman
@wendyg
|
29. sij |
|
So nice when people revive the classics.
|
||
|
|
||
|
Telecomix Canada
@TelecomixCanada
|
29. sij |
|
wait .. there are people who don't use #Postfix? #openBSD #CVE20207247
>kernel-panic.it/openbsd/mail/m…
twitter.com/window/status/…
|
||
|
|
||
|
axleyjc
@axleyjc
|
29. sij |
|
Wow, the security shine has really worn off OpenBSD.
Or was it all a myth?
|
||
|
|
||