Beside the real vulnerability, what is interesting that Qualys used an
outdated Fedora package to prepare the report:
On Linux, this vulnerability is generally not exploitable because
/proc/sys/fs/protected_hardlinks prevents attackers from creating
hardlinks to files they do not own. On Fedora
Oh, I see. They added an amendment to the end.
Last-minute note: on February 9, 2020, opensmtpd-6.6.2p1-1.fc31 was
released and correctly made smtpctl set-group-ID smtpq, instead of
set-group-ID root.
Rather strange that they haven't managed to update packages for two
weeks before checking
February 24, 2020 9:08 PM, gil...@poolp.org wrote:
> February 24, 2020 6:54 PM, ml+opensmtpd_m...@esmtp.org wrote:
>
>> On Mon, Feb 24, 2020, Peter J. Philipp wrote:
>>
>>> I got another "bouncing messages from misc@opensmtpd.org" message. The
>>
>> Me too... and it's the second time I cannot
February 26, 2020 8:30 AM, gil...@poolp.org wrote:
> February 24, 2020 9:08 PM, gil...@poolp.org wrote:
>
>> February 24, 2020 6:54 PM, ml+opensmtpd_m...@esmtp.org wrote:
>>
>>> On Mon, Feb 24, 2020, Peter J. Philipp wrote:
>>
>> I got another "bouncing messages from misc@opensmtpd.org"
I wrote a simple perl module for easing the writing of filter/reports
for OpenSMTPD. It isn't 100% complete, but its usable.
http://www.pettijohn-web.com/OpenSMTPD-Report-0.01.tar.gz
Edgar
On Mon, 24 Feb 2020 18:41:19 +0100 "Peter J. Philipp" wrote:
> I got another "bouncing messages from misc@opensmtpd.org" message. The
> particular message was 4669 that bounced. Yet I have no record of this in
> my maillog,...
Same here.
Cheers,
--
Craig Skinner | http://linkd.in/yGqkv7