Julien M. · @julm
485 followers · 4935 posts · Server framapiaf.org#GillesChehade : « #OpenSMTPD #advisory dissected »
« What we need is to make changes so that #OpenSMTPD becomes more resistant to #HumanErrors.
[…] What made the #exploit possible is the #LogicMistake in validation code and the use of system() with that invalid input, but what made the #escalation possible is the #mbox delivery method. »
https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/
#mbox #escalation #LogicMistake #exploit #humanerrors #advisory #opensmtpd #GillesChehade