Re: rsync CVE-2022-29154 and RPKI Validation

2022-09-09 Thread Matt Corallo
On 9/9/22 1:58 PM, Vincent Bernat wrote: On 2022-09-09 19:36, Matt Corallo wrote: The attacker is still limited to the target directory. The attacker can send files that were excluded or not requested, but they still end up in the target directory. RPKI validators download stuff in a dedica

Re: rsync CVE-2022-29154 and RPKI Validation

2022-09-09 Thread Vincent Bernat
On 2022-09-09 19:36, Matt Corallo wrote: The attacker is still limited to the target directory. The attacker can send files that were excluded or not requested, but they still end up in the target directory. RPKI validators download stuff in a dedicated download directory Ah, okay, thanks, i

Re: rsync CVE-2022-29154 and RPKI Validation

2022-09-09 Thread Matt Corallo
On 9/9/22 2:36 AM, Vincent Bernat wrote: The attacker is still limited to the target directory. The attacker can send files that were excluded or not requested, but they still end up in the target directory. RPKI validators download stuff in a dedicated download directory Ah, okay, thanks,

Re: rsync CVE-2022-29154 and RPKI Validation

2022-09-08 Thread Vincent Bernat
On 2022-09-09 04:56, Matt Corallo wrote: Has anyone done an analysis of the rsync CVE-2022-29154 (which "allows malicious remote servers to write arbitrary files inside the directories of connecting peers") and its potential impact on RPKI validators? It looks like both Debian [1] and Ubuntu [2

rsync CVE-2022-29154 and RPKI Validation

2022-09-08 Thread Matt Corallo
Has anyone done an analysis of the rsync CVE-2022-29154 (which "allows malicious remote servers to write arbitrary files inside the directories of connecting peers") and its potential impact on RPKI validators? It looks like both Debian [1] and Ubuntu [2] opted *not* to patch rsync in their rele
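The thread's point is that a server exploiting this rsync bug can push files the client never asked for, but only into the directory the client is syncing into, and RPKI validators sync into a dedicated download directory. The script below is an added example (not code from this thread, and not part of any RPKI validator or of rsync) of the post-sync sanity check a validator operator might run over that directory: it inventories everything rsync left behind and flags anything that is not a plain RPKI object file, is executable, or is a symlink, including symlinks that resolve outside the download root. The suffix allow-list and the sample tree it builds in a temporary directory are assumptions constructed for the demonstration.

```python
"""
Post-sync audit of an RPKI validator's rsync download directory.

Added example, not code from the mailing-list thread, from rsync, or from
any RPKI validator. Idea taken from the thread: a malicious rsync server
can drop unrequested (or explicitly excluded) files into the client's
target directory, so after a sync the target directory is the place to
look. Assumed here, not stated in the thread: the allow-list of RPKI
object suffixes and the constructed sample tree used by demo().
"""
import os
import stat
import tempfile
from pathlib import Path

# Assumed allow-list of file suffixes a validator expects in a repository.
RPKI_SUFFIXES = {".cer", ".crl", ".mft", ".roa", ".gbr", ".asa"}


def audit_download_dir(root: str) -> dict:
    """Walk `root` without following symlinks and classify every entry.

    Returns sorted lists of paths (relative to root) under the keys
    unexpected_suffix, symlink, escapes_root, special, executable.
    """
    root_path = Path(root).resolve()
    findings = {k: [] for k in
                ("unexpected_suffix", "symlink", "escapes_root", "special", "executable")}

    # os.walk does not descend into symlinked directories by default, but it
    # still lists them in dirnames, so dirnames + filenames covers every entry.
    for dirpath, dirnames, filenames in os.walk(root_path):
        for name in dirnames + filenames:
            p = Path(dirpath) / name
            rel = str(p.relative_to(root_path))
            st = p.lstat()  # lstat: inspect the link itself, not its target
            if stat.S_ISLNK(st.st_mode):
                findings["symlink"].append(rel)
                target = p.resolve(strict=False)
                # A link whose target is not beneath the download root would let
                # later consumers read or write outside the dedicated directory.
                if target != root_path and root_path not in target.parents:
                    findings["escapes_root"].append(rel)
                continue
            if stat.S_ISDIR(st.st_mode):
                continue
            if not stat.S_ISREG(st.st_mode):
                findings["special"].append(rel)  # fifo, socket, device, ...
                continue
            if p.suffix.lower() not in RPKI_SUFFIXES:
                findings["unexpected_suffix"].append(rel)
            if st.st_mode & 0o111:
                findings["executable"].append(rel)  # nothing in a repo should run

    return {k: sorted(v) for k, v in findings.items()}


def build_sample_tree(root: Path) -> None:
    """Constructed sample: a few legitimate-looking objects plus planted junk."""
    repo = root / "repo"
    repo.mkdir(parents=True)
    for legit in ("ta.cer", "ta.mft", "ta.crl", "r1.roa"):
        (repo / legit).write_bytes(b"placeholder DER bytes")  # constructed content
    # Files an attacker-controlled server might push that were never requested:
    (repo / ".ssh").mkdir()
    (repo / ".ssh" / "authorized_keys").write_text("ssh-ed25519 AAAA... attacker\n")
    hook = repo / "hook.sh"
    hook.write_text("#!/bin/sh\necho pwned\n")
    os.chmod(hook, 0o755)
    os.symlink("/etc/passwd", repo / "escape")  # points outside the root
    os.symlink("ta.cer", repo / "alias.cer")    # symlink, but stays inside


def demo() -> dict:
    """Build the constructed tree in a temp dir, audit it, return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return audit_download_dir(str(root))


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}: {paths}")
```

Run it as-is to see the constructed tree audited, or call `audit_download_dir()` on a validator's real download directory after a sync. It does not fix the rsync bug; it only tells you whether a server used it to put something unexpected into the one directory the client allowed it to write to.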