2014-10-29 16:26, Joe Acquisto-j4 wrote:
Comments on the ZD net article that claims shellshock exploit via
crafty SMTP headers? Just asking, that's all . . .
I attached a link to it below, please excuse if that is improper
behavior.
http://www.zdnet.com/shellshock-attacks-mail-servers-7000035094/
I have seen one such sample. Must be a really dumb mail delivery agent
or a content filter or a MUA that lets a mail header touch a shell.
No matter whether bash is patched or not, tainted data from a mail
message must never be handed over to shell.
Mark
