Re: [ietf-822] inventive syntax, at least
"John Levine" <johnl@taugh.com> Sat, 15 November 2014 04:18 UTC
Return-Path: <johnl@iecc.com>
X-Original-To: ietf-822@ietfa.amsl.com
Delivered-To: ietf-822@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9FB191A0AF1 for <ietf-822@ietfa.amsl.com>; Fri, 14 Nov 2014 20:18:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.862
X-Spam-Level:
X-Spam-Status: No, score=0.862 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y-pTupxeu2rY for <ietf-822@ietfa.amsl.com>; Fri, 14 Nov 2014 20:18:27 -0800 (PST)
Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BDA541A00E2 for <ietf-822@ietf.org>; Fri, 14 Nov 2014 20:18:26 -0800 (PST)
Received: (qmail 51279 invoked from network); 15 Nov 2014 04:18:24 -0000
Received: from miucha.iecc.com (64.57.183.18) by mail1.iecc.com with QMQP; 15 Nov 2014 04:18:24 -0000
Date: Sat, 15 Nov 2014 04:18:02 -0000
Message-ID: <20141115041802.11249.qmail@ary.lan>
From: John Levine <johnl@taugh.com>
To: ietf-822@ietf.org
In-Reply-To: <dde9e95a0cbeb42be10c0cba26016c2d@mailbox.ijs.si>
Organization:
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf-822/Jzg1v2nDAA0XHnfo3OjEH-5bzgE
Cc: Mark.Martinec+ietf@ijs.si
Subject: Re: [ietf-822] inventive syntax, at least
X-BeenThere: ietf-822@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion of issues related to Internet Message Format \[RFC 822, RFC 2822, RFC 5322\]" <ietf-822.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-822>, <mailto:ietf-822-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-822/>
List-Post: <mailto:ietf-822@ietf.org>
List-Help: <mailto:ietf-822-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-822>, <mailto:ietf-822-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 15 Nov 2014 04:18:28 -0000
In article <dde9e95a0cbeb42be10c0cba26016c2d@mailbox.ijs.si> you write: >Arnt Gulbrandsen wrote: >> On Wednesday, November 12, 2014 7:24:44 PM CEST, Murray S. Kucherawy >> wrote: >>> Looks vaguely like the recent bash attack. >> >> Yes. It's trying to see whether anyone's handling To, References, Cc, >> From, Subject, Date, Message-ID, Comments, Keywords, Resent-Date, >> Resent-From or Resent-Sender using bash. But is anyone falling for it? >> I'm curious. > >Yes, apparently qmail: > qmail is a vector for CVE-2014-6271 (bash "shellshock") > http://www.gossamer-threads.com/lists/qmail/users/138578 Depends how your computer is set up. Qmail uses /bin/sh for command deliveries, and it puts parameters in environment variables, so if your /bin/sh is actually bash (a bad idea but very common on linux systems) bad stuff can happen. I would think that sendmail and postfix .forward files would have the same problem.
- [ietf-822] inventive syntax, at least Arnt Gulbrandsen
- Re: [ietf-822] inventive syntax, at least Murray S. Kucherawy
- Re: [ietf-822] inventive syntax, at least Arnt Gulbrandsen
- Re: [ietf-822] inventive syntax, at least Mark Martinec
- Re: [ietf-822] inventive syntax, at least John Levine
- Re: [ietf-822] inventive syntax, at least Mark Martinec
- Re: [ietf-822] inventive syntax, at least Martijn Grooten
- Re: [ietf-822] inventive syntax, at least Arnt Gulbrandsen