It hasn't been mentioned on this list yet so I thought I would bring it up: qmail exposes environment variables in a way that a vulnerable bash is susceptible to CVE-2014-6271 (aka "shellshock").
If you have a patched bash, don't worry. If you haven't patched for this, do. This post includes a full explanation plus proof of exploit: http://www.gossamer-threads.com/lists/qmail/users/138578 Quinn --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
