Re: [courier-users] Bash shell security issue - CVE-2014-6271
Brought to you by:
mrsam
Menu
▾
▴
Re: [courier-users] Bash shell security issue - CVE-2014-6271
|
From: Sam V. <mr...@co...> - 2014-09-26 23:43:32
|
Wolfgang Jeltsch writes: > Am Donnerstag, den 25.09.2014, 20:56 -0400 schrieb Sam Varshavchik: > > Ángel González writes: > > > > > Sam Varshavchik wrote: > > > > > And is Courier affected by the “follow-up” CVE-2014-7169? > > > > > > > > I don't think the follow-up exploit is in scope. To use the follow-up > > > > explot, so far, you need to somehow stuff the ">" character into an > > > > email address. > > > > > > > > This is going to be a problem, since the > character terminates the > > > > MAIL FROM or the RCPT TO command. So, I'm not worried about it. > > > > > > courier accepts CVE-2014-7169 poc in the EHLO > > > > That's not enough. This has to make it into some bash process's initial > > environment. > > > > It's not going to make it into the shell that runs .courier delivery > > commands. > > What if I have > > DEFAULTDELIVERY="| /usr/bin/maildrop" > > in /etc/courier/courierd? Will the EHLO string be passed to a shell in > this case? No. |
