This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.
The remote mail server allows remote command execution via Shellshock.
The remote host appears to be running Qmail. A remote attacker can
exploit Qmail to execute commands via a specially crafted MAIL FROM
header if the remote host has a vulnerable version of Bash. This is
due to the fact that Qmail does not properly sanitize input before
setting environmental variables.
A negative result from this plugin does not prove conclusively that
the remote system is not affected by Shellshock, only that Qmail could
not be used to exploit the Shellshock flaw.
See also :
Apply the referenced Bash patch.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true