On 10/30/2014 08:35 AM, Quinn Comendant wrote:
It hasn't been mentioned on this list yet so I thought I would bring it up: qmail exposes
environment variables in a way that a vulnerable bash is susceptible to CVE-2014-6271
(aka "shellshock").
If you have a patched bash, don't worry. If you haven't patched for this, do.
This post includes a full explanation plus proof of exploit:
http://www.gossamer-threads.com/lists/qmail/users/138578
Quinn
---------------------------------------------------------------------
Not surprised that you missed it Quinn, but there was a post here on
9/25 about it. ;) Pretty serious vulnerability, but easily remedied.
--
-Eric 'shubes'
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
