-
MattJ
fail2ban RCE flaw, may be relevant for some operators: https://research.securitum.com/fail2ban-remote-code-execution/
-
Maranda
huhu
-
Martin
> Establishing a secure connection from mdosch.de to creep.im failed. Certificate hash: 7e01f09a320af31fec98101812deaa9cd9fff6b68620a8e0987f07fe3b805600. Error with certificate 1: certificate has expired.
-
ernst.on.tour
Maybe the LetsEncrypt-RootCert-Timeline ?
-
Martin
> Establishing a secure connection from deshalbfrei.org to mdosch.de failed. Certificate hash: 8b6942031fb060cd574bb87fc86d2f28bdfcac7f37696d28591c8ac49e0f8e09. Error with certificate 1: certificate has expired.
-
ij
Martin, deshalbfrei.org seems to suffer from the same issue I experienced the last days… maybe there are some expired certs installed on that ejabberd server that were signed with the old CA chain… ejabberd maybe pics the CA from the first (expired) chain and uses that also for the other fullchain.pems, invalidating same… but just a guess… however, deleting those old certs worked for me (plus restarting ejabberd instead of reload-config)
-
Ellenor Bjornsd.
i should write a better fail2ban with blackjack and hookers✎ -
Ellenor Bjornsd.
i should write a better fail2ban with blackjack and cookies ✏
-
moparisthebest
That's an awesome RCE
-
Ellenor Bjornsd.
Is it mitigated if you use a sendmail-compatible submission agent directly?
-
moparisthebest
Ellenor Bjornsd.: You aren't using https://www.geoghegan.ca/pfbadhost.html ?
-
Ellenor Bjornsd.
I don't use any such solution