npub1gk…utj70 on Nostr: There's a bit of a controversy how SEC Consult handled disclosure of SMTP Smuggling ...
There's a bit of a controversy about how SEC Consult handled disclosure of SMTP Smuggling vulns. SEC Consult has not published a test tool to check whether servers are affected. I have hacked together something quickly, please consider it work in progress, but I hope it helps people:
https://github.com/hannob/smtpsmug (but please note it does not test the Postfix mitigation right now, I may add a check for that later)
Published at 2023-12-22 13:17:36
Event JSON
{
"id": "5dc3b6ca7460217fe5763bef2d0e40c119720255dd619a07a0dced52d71f7968",
"pubkey": "45be03643b1b47c02f8c4bf8932009f10ffaead3770fb1a9a559f2155450723b",
"created_at": 1703251056,
"kind": 1,
"tags": [
[
"proxy",
"https://mastodon.social/users/hanno/statuses/111624261244879324",
"activitypub"
]
],
"content": "There's a bit of a controversy how SEC Consult handled disclosure of SMTP Smuggling vulns. SEC Consult has not published a test tool to check whether servers are affected. I have hacked together something quickly, please consider it work in progress, but I hope it helps people: https://github.com/hannob/smtpsmug (but please note it does not test the postfix mitigation right now, I may add a check for that later)",
"sig": "6e15c8474728c329d25b136392d099468f0415880f8084b8ccf4b1308394a5cd8645670d86bd42dadddeeadedc560c8474c1e5c44b19e0e4029dc320443bc73c"
}