Author: Paul Dekkers Date: To: eli-list CC: exim-users, 'Mark Morley' Subject: Re: [exim] Re: [exim-dev] buffer overflow?
Hi,
Eli wrote:
>I haven't read all the replies to this thread past this one, but here's a
>stab in the dark...
>
>I have a feeling Exim is just fine, and instead what you are all seeing is
>the result of a recent series of server hacks?
> I doubt that: I'm quite sure that we're not dealing with a hacked server
here, and I just noticed the entries in my logs as well.
> A hack is e-mailing someone
>elses passwd and group files to servers and it does it by simply catting the
>file as imput thus generates a sync error.
>
>Can you verify this *is* your group file you're seeing?
> I saw several unique group-entries for this host, so I'm confident that
this is our group (unfortunally). I also found our services file. They
weren't there before the 4.50 upgrade.
2005-03-13 07:10:40 SMTP protocol violation: synchronization error
(input sent without waiting for greeting): rejected connection from
H=someone.jp [219.126...] input="# $FreeBSD: src/etc/group,v 1.19.2.3
2002/06/30 17:57:17 des Exp $\n# ... (unique entries here ;-)) ..."
I just found the remote IP in sorbs btw, so I also assume it's no
legitimate user.
Paul
P.S. This specific machine is running 4.10 as well (although being far
from EoL it will be upgraded to the 5 series in the near future...)