Qmail Remote Command Execution via Shellshock

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote mail server allows remote command execution via Shellshock.

Description :

The remote host appears to be running Qmail. A remote attacker can
exploit Qmail to execute commands via a specially crafted MAIL FROM
header if the remote host has a vulnerable version of Bash. This is
due to the fact that Qmail does not properly sanitize input before
setting environmental variables.

A negative result from this plugin does not prove conclusively that
the remote system is not affected by Shellshock, only that Qmail could
not be used to exploit the Shellshock flaw.

See also :

http://seclists.org/oss-sec/2014/q3/650
http://www.nessus.org/u?dacf7829
https://www.invisiblethreat.ca/post/shellshock/

Solution :

Apply the referenced Bash patch.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: SMTP problems

Nessus Plugin ID: 77970 ()

Bugtraq ID: 70103
70137

CVE ID: CVE-2014-6271
CVE-2014-7169

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now