On Wed, Oct 29, 2014 at 11:26:44AM -0400, Joe Acquisto-j4 wrote:

> Comments on the ZD net article that claims shellshock exploit via crafty SMTP
> headers? Just asking, that's all . . .
>
> I attached a link to it below, please excuse if that is improper behavior.
>
> http://www.zdnet.com/shellshock-attacks-mail-servers-7000035094/

By this point, all your systems should be using a patched "bash" that no longer supports exporting of functions via the environment. If, however, some system is not patched, and you're using some external LDA that places header elements in the environment, then indeed there could be an issue.

Patch all systems. Don't export untrusted data into the environment.

-- 
Viktor.
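
One way a delivery wrapper can keep header data out of the environment, as an added example that is not part of the original message or of any real LDA: the child gets an allowlisted environment and the message on stdin, and header values shaped like a bash function definition are reported. The function names, the allowlist and the sample message are assumptions.

```python
import os
import re
import subprocess
import sys
from email import message_from_string

# A value starting with "() {" is what unpatched bash parsed as a function.
FUNC_DEF = re.compile(r"^\s*\(\)\s*\{")

# Assumed allowlist: the only parent variables the delivery command receives.
ENV_ALLOWLIST = ("PATH", "HOME", "LANG", "TZ")

# Constructed sample message; the Subject value has the function-definition shape.
SAMPLE = "From: a@example.com\nSubject: () { :; }\nX-Note: hello\n\nbody\n"


def clean_env(parent=None):
    """Child environment built from the allowlist only, never from headers."""
    parent = os.environ if parent is None else parent
    return {k: parent[k] for k in ENV_ALLOWLIST
            if k in parent and not FUNC_DEF.match(parent[k])}


def suspicious_headers(raw_message):
    """Names of headers whose value looks like a bash function definition."""
    msg = message_from_string(raw_message)
    return [name for name, value in msg.items() if FUNC_DEF.match(value)]


def deliver(raw_message, command, parent_env=None):
    """Run the delivery command: message on stdin, allowlisted environment."""
    return subprocess.run(command, input=raw_message, text=True,
                          env=clean_env(parent_env), capture_output=True,
                          check=False)


if __name__ == "__main__":
    print("flagged headers:", suspicious_headers(SAMPLE))
    # Hypothetical child that reports what it can see of the message.
    child = [sys.executable, "-c",
             "import os, sys; data = sys.stdin.read(); "
             "print('SUBJECT' in os.environ, 'Subject:' in data)"]
    print(deliver(SAMPLE, child, {"PATH": os.defpath, "SUBJECT": "x"}).stdout)
```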