On Wed, 29 Oct 2014, Joe Acquisto-j4 wrote:
Comments on the ZD net article that claims shellshock exploit via crafty SMTP
headers? Just asking, that's all . . .
I attached a link to it below, please excuse if that is improper behavior.
http://www.zdnet.com/shellshock-attacks-mail-servers-7000035094/
There is at least one going around.
http://www.exploit-db.com/exploits/34896/
I've put what I hope are mitigations in my sample milter-regex.conf but I
haven't actually tested them.
http://www.impsec.org/~jhardin/antispam/
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
...the Fates notice those who buy chainsaws...
-- www.darwinawards.com
-----------------------------------------------------------------------
2 days until Halloween
