Re: [courier-users] Bash shell security issue - CVE-2014-6271
Brought to you by:
mrsam
From: Ángel G. <an...@16...> - 2014-09-26 00:36:22
|
Sam Varshavchik wrote: > > And is Courier affected by the “follow-up” CVE-2014-7169? > > I don't think the follow-up exploit is in scope. To use the follow-up > explot, so far, you need to somehow stuff the ">" character into an > email address. > > This is going to be a problem, since the > character terminates the > MAIL FROM or the RCPT TO command. So, I'm not worried about it. courier accepts CVE-2014-7169 poc in the EHLO |