Another link warning about the LDAP vulnerability: http://isc.sans.org/diary.html?date=2004-02-23
Andrew 8) -----Original Message----- From: Joshua Levitsky [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 24, 2004 9:28 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [Declude.JunkMail] Fw: [Full-Disclosure] Scans for IPSwitch IMail LDAP vuilnerability Please everyone be sure to patch your IMail 8 installations with the hotfix for the LDAP vulnerability. ----- Original Message ----- From: "3APA3A" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, February 24, 2004 11:19 AM Subject: [Full-Disclosure] Scans for IPSwitch IMail LDAP vuilnerability > Information was received from Kaspersky Labs, there is increased > activity on TCP/389 (LDAP) port. Analysis of captured packet > demonstrates attempt to exploit IPSwitch IMail LDAP vulnerability. > Packet contains universal reverse shell shellcode. Trojan is installed > on owned host (listens on TCP/21 and pretends to be wu-ftpd). --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
