Date: Fri, 2 Oct 2015 16:19:15 +0200 From: Gilles Chehade <gilles@...lp.org> To: "Jason A. Donenfeld" <Jason@...c4.com> Cc: oss-security <oss-security@...ts.openwall.com>, misc <misc@...nsmtpd.org> Subject: Re: CVE requests: Critical vulnerabilities in OpenSMTPD On Fri, Oct 02, 2015 at 03:29:31PM +0200, Jason A. Donenfeld wrote: > I haven't looked at these commits yet but: > > If a local user sends a message to a remote address, does this > outgoing connection open up this remote vulnerability vector? > It would still require a local user to do it and it would still only affect an unprivileged process. -- Gilles Chehade https://www.poolp.org @poolpOrg
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ