Re: Disable escapes to prevent command-injection attacks
From: Sergey Poznyakoff
Subject: Re: Disable escapes to prevent command-injection attacks
Date: Wed, 06 Oct 2021 21:45:08 +0200
User-agent: MH (GNU Mailutils 3.13.90)
Quinn Comendant <quinn@strangecode.com> wrote:
> I recently learned of a vulnerability where an arbitrary command can
> be executed by root if the body of an email passed to `mail` contains
> unsanitized ~! or ~| escapes.
This was fixed on July 19 (commit 4befcfd015). The fix is included
in version 3.13. Please upgrade.
Regards,
Sergey
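
Added example, not part of this thread and not Mailutils code: a Python pre-check that a script can run on untrusted text before piping it to `mail`, flagging lines that begin with the escape character, including the `~!` and `~|` forms named in the report. It assumes escapes are recognized only at the start of a line and that `~` is the escape character; the function names and the sample body are constructed for illustration.

```python
import re

# Escapes named in the report above; both hand the rest of the line to a command.
COMMAND_ESCAPES = ("!", "|")
LINE_BREAK = r"\r\n|\r|\n"


def _check_escape_char(escape_char):
    if len(escape_char) != 1:
        raise ValueError("escape_char must be exactly one character")


def find_escape_lines(body, escape_char="~"):
    """Return (line_number, line, runs_command) for each line starting with the escape character."""
    _check_escape_char(escape_char)
    hits = []
    for number, line in enumerate(re.split(LINE_BREAK, body), start=1):
        if line.startswith(escape_char):
            # The character right after the escape decides what the line does.
            runs_command = line[1:2] in COMMAND_ESCAPES
            hits.append((number, line, runs_command))
    return hits


def neutralize(body, escape_char="~"):
    """Prefix a space to every escape line so the escape character leaves column one.

    Line endings are preserved; this alters the text slightly, so callers that
    need the body byte-for-byte should reject the message instead.
    """
    _check_escape_char(escape_char)
    # The capturing group keeps the separators in the split result.
    pieces = re.split("(" + LINE_BREAK + ")", body)
    return "".join(" " + p if p.startswith(escape_char) else p for p in pieces)


# Constructed sample body with mixed line endings and placeholder commands.
SAMPLE_BODY = (
    "Disk usage report\n"
    "~! placeholder-command\r\n"
    "free space: ~40%\n"
    "~| placeholder-filter\n"
    "~s new subject\n"
)

if __name__ == "__main__":
    for number, line, runs_command in find_escape_lines(SAMPLE_BODY):
        kind = "command escape" if runs_command else "other escape"
        print(f"line {number}: {kind}: {line!r}")
```

A check like this complements the upgrade to 3.13 recommended in the reply; it does not replace it.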