
List:       spamassassin-users
Subject:    Re: shellshock via SMTP?
From:       hamann.w () t-online ! de
Date:       2014-10-30 5:03:19
Message-ID: wolfgang-1141030060319.A0115934 () amadeus3 ! local

>> 2014-10-29 16:26, Joe Acquisto-j4 wrote:
>> > Comments on the ZD net article that claims shellshock exploit via
>> > crafty SMTP headers?   Just asking, that's all . . .
>> > 
>> > I attached a link to it below, please excuse if that is improper 
>> > behavior.
>> >   http://www.zdnet.com/shellshock-attacks-mail-servers-7000035094/
>> 
>> I have seen one such sample. Must be a really dumb mail delivery agent
>> or a content filter or a MUA that lets a mail header touch a shell.
>> 
>> No matter whether bash is patched or not, tainted data from a mail
>> message must never be handed over to shell.

Hi,

Suppose your mail system does everything fine; there may still be final delivery,
where procmail, sieve or .qmail files jump in.
There might be some program delivery, such as a mailing list manager
that handles mail to unsubscribe-xxx@
or a local service that accepts mail to fax@localhost with the fax number in the subject field.

In such situations, the delivery stage of the mailer may only make a decision (and
let the called process parse the message again), or it may place SMTP header data into
variables for the benefit of the called process.

Now let the end user put in a shell script to solve a particular need...

Regards
Wolfgang
>> 
>>    Mark
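As an added, defender-side illustration of the two points made above (tainted header data must never reach a shell, and program delivery such as fax@localhost or unsubscribe-xxx@ is exactly where it tends to), here is a final-delivery handler that validates the Subject and recipient strictly and then runs the fax client as an argv list with a scrubbed environment. This is example code written for this thread, not from the list or any project; the `sendfax` command and its `-d` flag are assumptions, and the sample message is constructed.

```python
import email
import re
import subprocess
from email import policy

# Strict shapes of data we are willing to act on; anything else is rejected.
FAX_NUMBER_RE = re.compile(r"^\+?[0-9]{3,20}$")
UNSUB_LOCALPART_RE = re.compile(r"^unsubscribe-([a-z0-9]{1,32})$")

# Hypothetical fax client; the command name and its -d flag are assumptions.
FAX_COMMAND = "sendfax"


def fax_number_from_subject(raw_message: bytes):
    """Return a validated fax number from the Subject header, or None."""
    # policy.default also decodes RFC 2047 encoded-words in the header.
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    subject = str(msg["Subject"] or "")
    candidate = re.sub(r"[\s().-]", "", subject)  # drop human formatting only
    return candidate if FAX_NUMBER_RE.fullmatch(candidate) else None


def unsubscribe_token(recipient: str):
    """Extract the list token from unsubscribe-<token>@..., or None."""
    local_part = recipient.split("@", 1)[0].lower()
    m = UNSUB_LOCALPART_RE.fullmatch(local_part)
    return m.group(1) if m else None


def build_fax_argv(number: str):
    """argv list for the fax client: no shell, no string interpolation."""
    return [FAX_COMMAND, "-d", number]


def clean_env():
    """Environment for the child: nothing derived from the message."""
    return {"PATH": "/usr/bin:/bin", "LANG": "C"}


def deliver_fax(raw_message: bytes):
    """Final-delivery hook: validate first, then exec without a shell."""
    number = fax_number_from_subject(raw_message)
    if number is None:
        return 1  # non-zero exit: the MDA treats the delivery as failed
    subprocess.run(build_fax_argv(number), env=clean_env(),
                   stdin=subprocess.DEVNULL, check=True)
    return 0


# Constructed sample message (not a real capture).
SAMPLE = b"From: user@example.org\nSubject: +49 (30) 123-456\n\nplease fax\n"
```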
