ET EXPLOIT Exim/Dovecot Possible MAIL FROM Command Execution

SID: 2016835Rev: 30 views
History
Sourceet/open
CreatedMay 8, 2013
UpdatedOctober 8, 2019
Classificationattempted-admin
alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"ET EXPLOIT Exim/Dovecot Possible MAIL FROM Command Execution"; flow:to_server,established; content:"${IFS}"; fast_pattern; content:"mail from|3a|"; nocase; pcre:"/^[^\r\n]*?\x60[^\x60]*?\$\{IFS\}/R"; reference:url,redteam-pentesting.de/de/advisories/rt-sa-2013-001/-exim-with-dovecot-typical-misconfiguration-leads-to-remote-command-execution; classtype:attempted-admin; sid:2016835; rev:3; metadata:created_at 2013_05_08, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_10_08;)

References

urlredteam-pentesting.de/de/advisories/rt-sa-2013-001/-exim-with-dovecot-typical-misconfiguration-leads-to-remote-command-execution

Metadata

created at2013_05_08
confidenceMedium
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2019_10_08

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!