Path: nntp.eternal-september.org!news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail
From: Marco Moock <mm@dorfdsl.de>
Newsgroups: news.admin.peering
Subject: Re: Is Rocksolid Light really compromised and insecure?
Date: Sat, 12 Jul 2025 20:55:07 +0200
Organization: A noiseless patient Spider
Lines: 22
Message-ID: <20250712205507.6a4eda98@ryz.dorfdsl.de>
References: <104tuhe$2r60t$1@paganini.bofh.team>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Injection-Date: Sat, 12 Jul 2025 20:55:08 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="7b23cd492e5550348a224f9d5902b933";
	logging-data="2420708"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX1+DhN/XvfBjucr4Nzt7Gaft"
Cancel-Lock: sha1:DD8KGP1onzHcOIFerCjavb+7AZI=
X-Newsreader: Claws Mail 4.3.1 (GTK 3.24.49; x86_64-pc-linux-gnu)

On 12.07.2025 10:21 Uhr Anonymous wrote:

> Some have claimed that Rocksolid Light is insecure. They have claimed
> that there are many vulnerabilities in the codebase. They have
> claimed that Rocksolid Light should not be used or peered.
> 
> Yet I have not seen a single supposed vulnerability demonstrated.
> 
> I have not seen any CVE filings.
> 
> Can anyone demonstrate and prove any of the claimed exploits?

It least older versions were vulnerable to SQL injections that made
creating files in the spool directory possible. The files.php file also
seems vulnerable to such attacks.

-- 
kind regards
Marco

Send spam to 1752308479muell@stinkedores.dorfdsl.de