----- Original Message -----
Sent: Sunday, June 22, 2003 1:21 PM
Subject: [cobalt-security] options sniffing via email?

> Can anyone shed some light on (how and why) someone
> may be attempting to email what appears to be options
> information to themselves?
>
> I received a couple of bounces (host unknown) like this:
>
> ==========
> Return-Path: <httpd>
> Received: (from [EMAIL PROTECTED])
> by www.victimized.com (8.10.2/8.10.2) id h5MIAg329578
> for [EMAIL PROTECTED]; Sun, 22 Jun 2003 13:10:42 -0500
> Date: Sun, 22 Jun 2003 13:10:42 -0500
> From: httpd <httpd>
> Message-Id: <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> MIME-Version: 1.0
>
> Options +ExecCGI
> AddHandler cgi-script .cgi
> AddHandler cgi-script .pl
> ==========
>
> I *do* have cgi-wrap disabled on my RaQ4, so I'm a bit worried.
> I'd appreciate any feedback. Thank you all for your valuable time.
>
> Regards,
> --
> David Black
> Houston, TX

For anyone who might be interested... this was caused
by a WebBBS remote command execution exploit:
http://www.securityfocus.com/bid/5048
http://www.xatrix.org/article1638.html
--
David Black
Houston, TX
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
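
The bounce quoted in this thread is mail sent by the web server account whose body consists of CGI-enabling Apache directives. The following check is an added example, not code from the original post or the list: it flags such messages in a bounce or spool file. The account names in `WEB_ACCOUNTS`, the function names and the sample message's recipient address are assumptions.

```python
import re
from email import message_from_string

# Assumption: local accounts the web server may run as; adjust per host.
WEB_ACCOUNTS = {"httpd", "apache", "www-data", "nobody"}

# Apache directives that turn on CGI execution, as seen in the bounce.
CGI_DIRECTIVE = re.compile(
    r"^\s*(?:Options\b.*\bExecCGI\b|(?:Add|Set)Handler\s+cgi-script\b)",
    re.IGNORECASE,
)

def sender_local_part(value):
    """Return the lower-cased local part of a From/Return-Path value."""
    m = re.search(r"<([^<>]*)>", value)
    addr = m.group(1) if m else value
    return addr.strip().split("@", 1)[0].lower()

def cgi_directives_from_web_account(raw):
    """List CGI-enabling directive lines in mail sent by a web account."""
    msg = message_from_string(raw)
    senders = {sender_local_part(msg.get(h, "")) for h in ("Return-Path", "From")}
    if not senders & WEB_ACCOUNTS:
        return []  # not sent by a web server account
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True).decode("utf-8", "replace")
        hits += [ln.strip() for ln in body.splitlines() if CGI_DIRECTIVE.match(ln)]
    return hits

# Constructed sample modelled on the bounce above; the recipient is a placeholder.
SAMPLE_BOUNCE = """\
Return-Path: <httpd>
Date: Sun, 22 Jun 2003 13:10:42 -0500
From: httpd <httpd>
To: recipient@unknown-host.example
MIME-Version: 1.0

Options +ExecCGI
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
"""

if __name__ == "__main__":
    for line in cgi_directives_from_web_account(SAMPLE_BOUNCE):
        print("suspicious:", line)
```

A non-empty result means a process running as the web server composed mail containing server configuration, which is worth correlating with the web access log for the same timestamp.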