List: oss-security
Subject: Re: [oss-security] OpenDMARC buffer overflows
From: Thomas Ward <teward () thomas-ward ! net>
Date: 2019-09-17 18:57:34
Message-ID: 5f571403-9a7f-2967-737d-e8b754c288d8 () thomas-ward ! net
On 9/17/19 2:20 PM, Alyssa Ross wrote:
> Hanno Böck <hanno@hboeck.de> writes:
>
>> In light of the recent OpenDMARC issue I had a look at their Github PR
>> tracker. This one
>> https://github.com/trusteddomainproject/OpenDMARC/pull/45
>> caught my attention.
> So a signature bypass, a buffer overflow, and no activity in years
> despite vulnerabilities having been reported months ago?
>
> Certainly doesn't look like software that people should be relying on
> for security...
... which is why I think distros are distro-patching it, like Scott
Kitterman is doing for Debian.
I have a host of other detections in line with OpenDMARC for detecting
invalid message structure, though, but it's definitely concerning to see
something like this - one of the few DMARC checkers that actually exists
in the OSS world - to be so behind from a Security perspective...