| Summary: | mail-filter/opendkim: "Composition kills" vulnerabilities | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED INVALID | ||
| Severity: | normal | CC: | klondike, mjo |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://github.com/trusteddomainproject/OpenDKIM/issues/134 | ||
| Whiteboard: | ?? | ||
| Package list: | Runtime testing required: | --- | |
|
Description
John Helmert III
2022-12-30 21:50:01 UTC
The USENIX talk is mostly about tricking user interfaces. When used for signing, I don't see any issues that could affect OpenDKIM. For verification, there was one attack where gmail could be tricked into making an incorrect DNS query by putting a NULL character in the selector name. Similar attacks could conceivably affect OpenDKIM, but the github issue does not mention any specifically. FWIW OpenDKIM is under-maintained upstream, and I would recommend using something else (spamassassin, dkimpy) for verification. But there are no obvious problems with OpenDKIM here. Works for me. I've subscribed to the bug upstream and I'll reopen if anything actionable comes of it. |