Re: [cobalt-security] options sniffing via email?
- Subject: Re: [cobalt-security] options sniffing via email?
- From: "David Black" <DavidBlack@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 24 Jun 2003 18:13:50 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
----- Original Message -----
Sent: Sunday, June 22, 2003 1:21 PM
Subject: [cobalt-security] options sniffing via email?
> Can anyone shed some light on (how and why) someone
> may be attempting to email what appears to be options
> information to themselves?
>
> I received a couple of bounces (host unknown) like this:
>
> ==========
> Return-Path: <httpd>
> Received: (from httpd@localhost)
> by www.victimized.com (8.10.2/8.10.2) id h5MIAg329578
> for gigalova@xxxxxx; Sun, 22 Jun 2003 13:10:42 -0500
> Date: Sun, 22 Jun 2003 13:10:42 -0500
> From: httpd <httpd>
> Message-Id: <200306221810.h5MIAg329578@xxxxxxxxxxxxxxxxxx>
> To: gigalova@xxxxxx
> MIME-Version: 1.0
>
> Options +ExecCGI
> AddHandler cgi-script .cgi
> AddHandler cgi-script .pl
> ==========
>
> I *do* have cgi-wrap disabled on my RaQ4, so I'm a bit worried.
> I'd appreciate any feedback. Thank you all for your valuable time.
>
> Regards,
> --
> David Black
> Houston, TX
For anyone who might be interested... this was caused
by a WebBBS remote command execution exploit:
http://www.securityfocus.com/bid/5048
http://www.xatrix.org/article1638.html
--
David Black
Houston, TX
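
A defender-side check for the symptom reported in this thread, as an added example that is not part of the original messages: it flags mail submitted locally by a web server account whose body carries Apache directives that enable CGI execution. The `WEB_USERS` list and the sample message (placeholder host, queue id and recipient) are assumptions constructed for illustration.

```python
import email
import re

# Accounts a web server commonly runs as (assumption; adjust per host).
WEB_USERS = {"httpd", "apache", "www-data", "nobody"}

# Local submission marker that sendmail writes, e.g. "(from httpd@localhost)".
LOCAL_FROM_RE = re.compile(r"\(from\s+([\w.-]+)@localhost\)", re.I)

# Directives that turn on script execution; "Options -ExecCGI" is not matched.
DIRECTIVE_RE = re.compile(
    r"^[ \t]*(?:Options\b[^\n]*(?<!-)ExecCGI"
    r"|(?:Add|Set)Handler[ \t]+cgi-script\b[^\n]*)",
    re.I | re.M,
)

def check_message(raw):
    """Return (local submitter or None, list of matching directive lines)."""
    msg = email.message_from_string(raw)
    m = LOCAL_FROM_RE.search(" ".join(msg.get_all("Received", [])))
    submitter = m.group(1).lower() if m else None
    body = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    directives = [d.group(0).strip() for d in DIRECTIVE_RE.finditer(body)]
    return submitter, directives

def suspicious(raw):
    """True when a web server account mailed out CGI-enabling directives."""
    submitter, directives = check_message(raw)
    return submitter in WEB_USERS and bool(directives)

# Constructed sample modelled on the bounce quoted above; host, queue id and
# recipient are placeholders.
SAMPLE = """\
Return-Path: <httpd>
Received: (from httpd@localhost)
\tby www.example.com (8.10.2/8.10.2) id CONSTRUCTED01
\tfor recipient@example.invalid; Sun, 22 Jun 2003 13:10:42 -0500
From: httpd <httpd>
To: recipient@example.invalid
MIME-Version: 1.0

Options +ExecCGI
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
"""

if __name__ == "__main__":
    print(check_message(SAMPLE), suspicious(SAMPLE))
```

Run against bounces or a mail queue, a hit means some script executing as the web server user both read configuration content and sent it off the host, which is the point at which to review the CGI applications installed on the affected site.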