Le 29/10/2014 16:54, Mark Martinec a écrit :
2014-10-29 16:26, Joe Acquisto-j4 wrote:
Comments on the ZD net article that claims shellshock exploit via
crafty SMTP headers? Just asking, that's all . . .
I attached a link to it below, please excuse if that is improper
behavior.
http://www.zdnet.com/shellshock-attacks-mail-servers-7000035094/
I have seen one such sample. Must be a really dumb mail delivery agent
or a content filter or a MUA that lets a mail header touch a shell.
Even my low-volume server has seen a few attempts, though the sending
bots didn't follow proper SMTP protocol and were duly rejected by
postscreen (not that they would have gotten anywhere near a shell anyway
of course!). Curiously most appeared to be proof-of-concept testing
rather than a true attack, as they were attempting to call /usr/bin/id
--
John
