It depends on your configuration, not all setups are vulnerable. I think I recall your name from the comments on my tutorial and this is a setup that would not be vulnerable for example. The bug still exists, but it can't be used to exploit the same code path.
You should update, this is not something you want to rely on. I'm writing a _very_ detailed post-mortem which will go into the details, I just want to give it a few days to make sure it is as informative as it should. January 30, 2020 4:09 PM, "Flipchan" <flipc...@riseup.net> wrote: > Has anyone verified that it writes to disk as the qualysis report says ? > > I have tried on 6.5 and 6.4 but its not writing to disk > > https://www.qualys.com/2020/01/28/cve-2020-7247/lpe-rce-opensmtpd.txt > > On January 29, 2020 2:07:38 PM GMT+01:00, Oriol Demaria > <sysad...@the-grid.xyz> wrote: > >> I understand that root might be required to open privileged ports, but >> then how commands are run as root when you exploit opensmtpd >> vulnerability? >> >> In case someone hasn't seen patch right now your system. >> >> Regards. >> -- >> Oriol Demaria >> 0x58415679 > > -- > Sent from my Android device with K-9 Mail. Please excuse my brevity.
