On Wed, Dec 04, 2019 at 11:08:44PM +0100, Henry Jensen wrote: > Hi, >
Hi, > from https://seclists.org/oss-sec/2019/q4/120 > > ============================================================================== > 1.2. Case study: smtpd > ============================================================================== > > To demonstrate how smtpd's authentication can be bypassed, we follow the > instructions from the manual page of smtpd.conf: > > [...] > > I did verify, that this attack worked on my unpatched OpenBSD 6.6 Box. > But I didn't get much further. After the authentication succeeded > I continued with MAIL FROM: and RCPT TO: After the RCPT TO: the > connection was aborted. After I patched my system I could no longer get > a 235 2.0.0 Authentication succeeded message > > Question is: would it have been possible in the "real world" to exploit > this to relay arbitrary messages (e.g. spam)? > Yes it would have been most definitely possible now if you have yourself relayed spam, I'll tell you that it's very unlikely this was used. -- Gilles Chehade @poolpOrg https://www.poolp.org patreon: https://www.patreon.com/gilles
