Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20151002141915.GB15335@poolp.org>
Date: Fri, 2 Oct 2015 16:19:15 +0200
From: Gilles Chehade <gilles@...lp.org>
To: "Jason A. Donenfeld" <Jason@...c4.com>
Cc: oss-security <oss-security@...ts.openwall.com>,
	misc <misc@...nsmtpd.org>
Subject: Re: CVE requests: Critical vulnerabilities in
 OpenSMTPD

On Fri, Oct 02, 2015 at 03:29:31PM +0200, Jason A. Donenfeld wrote:
> I haven't looked at these commits yet but:
> 
> If a local user sends a message to a remote address, does this
> outgoing connection open up this remote vulnerability vector?
> 

It would still require a local user to do it and it would still only
affect an unprivileged process.


-- 
Gilles Chehade

https://www.poolp.org                                          @poolpOrg

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.