Claus Assmann <ca+openbsd_m...@esmtp.org> writes:
> On Wed, Apr 08, 2020, Kevin Chadwick wrote:
>
>> OpenSMTPD does not listen to the internet, by default and even if you do set
>> it
>
> From: Qualys Security Advisory <q...@qualys.com>
> To: oss-secur...@lists.openwall.com
> Message-ID: <20200224184538.GF17396@localhost.localdomain>
>
> - Client-side exploitation: This vulnerability is remotely exploitable
> in OpenSMTPD's (and hence OpenBSD's) default configuration. Although
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
My (default) smtpd.conf says:
listen on lo0
So how might that be remotely exploitable?
Allan
