On Mon, 6 Oct 2014, Matthew Miller wrote:
On Mon, Oct 06, 2014 at 11:07:16PM +0000, Bill Oliver wrote:
> First, I apologize for this not being fedora-specific, but I just got
> the oddest email. It looks like an intrusion attempt, trying to get
> sendmail to execute a perl script. Is anybody familiar with this
> particular pattern?
Oh my yes. This is a probe for CVE-2014-6271, a serious bug in bash known as
"shellshock". See
<
http://fedoramagazine.org/shellshock-how-does-it-actually-work/>.
If your system is up to date, you should be safe -- all major distributions
released patches quickly.
I sorta thought that, but I didn't think that sendmail was vulnerable to it...
billo