On Wed, Dec 04, 2019 at 11:08:44PM +0100, Henry Jensen wrote:
> Hi,
>
Hi,
> from https://seclists.org/oss-sec/2019/q4/120
>
> ==
> 1.2. Case study: smtpd
> ==
>
> To demonstrate how smtpd's authentication can be bypassed, we follow the
> instructions from the manual page of smtpd.conf:
>
> [...]
>
> I did verify that this attack worked on my unpatched OpenBSD 6.6 box.
> But I didn't get much further. After the authentication succeeded
> I continued with MAIL FROM: and RCPT TO:. After the RCPT TO:, the
> connection was aborted. After I patched my system I could no longer get
> a 235 2.0.0 Authentication succeeded message.
>
> Question is: would it have been possible in the "real world" to exploit
> this to relay arbitrary messages (e.g. spam)?
>
Yes, it would have been most definitely possible. Now, if you have yourself
relayed spam, I'll tell you that it's very unlikely this was used.
--
Gilles Chehade @poolpOrg
https://www.poolp.org    patreon: https://www.patreon.com/gilles