[Top] [All Lists]

Re: [ietf-822] inventive syntax, at least

2014-11-15 04:50:06
Yes, apparently qmail:
  qmail is a vector for CVE-2014-6271 (bash "shellshock")

John Levine wrote:
Depends how your computer is set up.  Qmail uses /bin/sh for command
deliveries, and it puts parameters in environment variables, so if
your /bin/sh is actually bash (a bad idea but very common on linux
systems) bad stuff can happen.

I would think that sendmail and postfix .forward files would have the
same problem.

Postfix is not a vector for shellshock, explicitly stated here:

Don't know about sendmail, although we would probably hear
about it by now if it were.


ietf-822 mailing list