Postfix Script Remote Command Execution via Shellshock
Critical Nessus Plugin ID 77969
SynopsisThe remote mail server uses scripts that allow remote command execution via Shellshock.
DescriptionThe remote host appears to be running Postfix. Postfix itself is not vulnerable to Shellshock; however, any bash script Postfix runs for filtering or other tasks could potentially be affected if the script exports an environmental variable from the content or headers of a message.
A negative result from this plugin does not prove conclusively that the remote system is not affected by Shellshock, only that any scripts Postfix may be running do not create the conditions that are exploitable via the Shellshock flaw.
SolutionApply the referenced Bash patch or remove the Postfix scripts.