Anatomy of OpenBSD's OpenSMTPD hijack hole: How a malicious sender address can lead to remote pwnage
Quote:
|
The delivery agent is invoked by OpenSMTPD executing a shell command
|
That from an operating system that touts itself as secure, and then allows a shellcode injection attack? This has been hanging out there for at least two years. So much for that careful auditing of all the code.