On Wed, Dec 04, 2019 at 11:08:44PM +0100, Henry Jensen wrote:
> Hi,
> 

Hi,


> from https://seclists.org/oss-sec/2019/q4/120
> 
> ==============================================================================
> 1.2. Case study: smtpd
> ==============================================================================
> 
> To demonstrate how smtpd's authentication can be bypassed, we follow the
> instructions from the manual page of smtpd.conf:
> 
> [...]
>
> I did verify, that this attack worked on my unpatched OpenBSD 6.6 Box.
> But I didn't get much further. After the authentication succeeded
> I continued with MAIL FROM: and RCPT TO: After the RCPT TO: the
> connection was aborted. After I patched my system I could no longer get
> a 235 2.0.0 Authentication succeeded message
> 
> Question is: would it have been possible in the "real world" to exploit
> this to relay arbitrary messages (e.g. spam)?
> 

Yes it would have been most definitely possible now if you have yourself
relayed spam, I'll tell you that it's very unlikely this was used.

-- 
Gilles Chehade                                                 @poolpOrg

https://www.poolp.org            patreon: https://www.patreon.com/gilles

Reply via email to