ietf-822
[Top] [All Lists]

Re: [ietf-822] inventive syntax, at least

2014-11-15 04:50:06
Yes, apparently qmail:
  qmail is a vector for CVE-2014-6271 (bash "shellshock")
  http://www.gossamer-threads.com/lists/qmail/users/138578

John Levine wrote:
Depends how your computer is set up.  Qmail uses /bin/sh for command
deliveries, and it puts parameters in environment variables, so if
your /bin/sh is actually bash (a bad idea but very common on linux
systems) bad stuff can happen.

I would think that sendmail and postfix .forward files would have the
same problem.

Postfix is not a vector for shellshock, explicitly stated here:
  http://marc.info/?l=postfix-users&m=141461595214262

Don't know about sendmail, although we would probably hear
about it by now if it were.

  Mark

_______________________________________________
ietf-822 mailing list
ietf-822(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-822