Yes, apparently qmail:
qmail is a vector for CVE-2014-6271 (bash "shellshock")
http://www.gossamer-threads.com/lists/qmail/users/138578
John Levine wrote:
Depends how your computer is set up. Qmail uses /bin/sh for command
deliveries, and it puts parameters in environment variables, so if
your /bin/sh is actually bash (a bad idea but very common on linux
systems) bad stuff can happen.
I would think that sendmail and postfix .forward files would have the
same problem.
Postfix is not a vector for shellshock, explicitly stated here:
http://marc.info/?l=postfix-users&m=141461595214262
Don't know about sendmail, although we would probably hear
about it by now if it were.
Mark
_______________________________________________
ietf-822 mailing list
ietf-822(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-822