In article <dde9e95a0cbeb42be10c0cba26016c2d(_at_)mailbox(_dot_)ijs(_dot_)si>
you write:
Arnt Gulbrandsen wrote:
On Wednesday, November 12, 2014 7:24:44 PM CEST, Murray S. Kucherawy
wrote:
Looks vaguely like the recent bash attack.
Yes. It's trying to see whether anyone's handling To, References, Cc,
From, Subject, Date, Message-ID, Comments, Keywords, Resent-Date,
Resent-From or Resent-Sender using bash. But is anyone falling for it?
I'm curious.
Yes, apparently qmail:
qmail is a vector for CVE-2014-6271 (bash "shellshock")
http://www.gossamer-threads.com/lists/qmail/users/138578
Depends how your computer is set up. Qmail uses /bin/sh for command
deliveries, and it puts parameters in environment variables, so if
your /bin/sh is actually bash (a bad idea but very common on linux
systems) bad stuff can happen.
I would think that sendmail and postfix .forward files would have the
same problem.
_______________________________________________
ietf-822 mailing list
ietf-822(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-822