|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Full-Disclosure] Scans for IPSwitch IMail LDAP vuilnerability
From: 3APA3A (3APA3A
SECURITY.NNOV.RU)
Date: Tue Feb 24 2004 - 10:19:52 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Dear full-disclosurelists.netsys.com,
Information was received from Kaspersky Labs, there is increased
activity on TCP/389 (LDAP) port. Analysis of captured packet
demonstrates attempt to exploit IPSwitch IMail LDAP vulnerability.
Packet contains universal reverse shell shellcode. Trojan is installed
on owned host (listens on TCP/21 and pretends to be wu-ftpd).
Best solution is to filter TCP/389.
--
http://www.security.nnov.ru
/\_/\
{ , . } |\
+--oQQo->{ ^ }<-----+ \
| ZARAZA U 3APA3A } You know my name - look up my number (The Beatles)
+-------------o66o--+ /
|/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]