<![CDATA[I laughed at the description of `sendmail` as “... less a mail transfer agent and more a recurring CVE subscription.”]]>I laughed at the description of `sendmail` as “... less a mail transfer agent and more a recurring CVE subscription.”

Link Preview Image
We Asked Claude to Audit Sagredo's qmail. It found a RCE.

One prompt, 101 minutes, and a working exploit against a widely deployed qmail fork.

favicon

(blog.calif.io)

]]>https://board.circlewithadot.net/topic/09453d7b-4d26-4829-861e-c855393c78ff/i-laughed-at-the-description-of-sendmail-as-...-less-a-mail-transfer-agent-and-more-a-recurring-cve-subscription.RSS for NodeFri, 15 May 2026 00:22:06 GMTMon, 20 Apr 2026 01:56:26 GMT60<![CDATA[Reply to I laughed at the description of `sendmail` as “... less a mail transfer agent and more a recurring CVE subscription.” on Mon, 20 Apr 2026 14:24:01 GMT]]>@angusm

I don't know, you'd probably have to pay a human a lot to be willing to look at code like that...

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/david_chisnall/statuses/116437486235104363https://board.circlewithadot.net/post/https://infosec.exchange/users/david_chisnall/statuses/116437486235104363Mon, 20 Apr 2026 14:24:01 GMT<![CDATA[Reply to I laughed at the description of `sendmail` as “... less a mail transfer agent and more a recurring CVE subscription.” on Mon, 20 Apr 2026 13:04:57 GMT]]>@david_chisnall Feels like the kind of vulnerability that you shouldn’t need 101 minutes of “AI” time to detect.

]]>https://board.circlewithadot.net/post/https://mastodon.social/users/angusm/statuses/116437175359207131https://board.circlewithadot.net/post/https://mastodon.social/users/angusm/statuses/116437175359207131Mon, 20 Apr 2026 13:04:57 GMT<![CDATA[Reply to I laughed at the description of `sendmail` as “... less a mail transfer agent and more a recurring CVE subscription.” on Mon, 20 Apr 2026 07:19:25 GMT]]>@angusm

Is that code really using popen invoking touch to do the equivalent of open?

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/david_chisnall/statuses/116435816643854018https://board.circlewithadot.net/post/https://infosec.exchange/users/david_chisnall/statuses/116435816643854018Mon, 20 Apr 2026 07:19:25 GMT