Exim logs spammed with large headers
Has anybody else seen this kind of attack?
I see those messages on 2 exim mailservers. Looks as if someone sends a 50MB big mail header :S What is their goal except from increasing my traffic?
Code:
2011-02-12 07:48:53 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=ns33.medialook.net [91.121.108.5] input="GET / HTTP/1.1\r\nAccept: */*\r\nAccept-Language: en-us\r\nAccept-Encoding: gzip, deflate\r\nUser-Agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_1_3 like Mac "
Code:
zgrep welcome.com mainlog*
guess I found it
CVE-2010-4344 exim remote code execution flaw
CVE-2010-4345 exim privilege escalation
only applies to exim versions prior to 4.70
http://www.exim.org/lurker/message/2...32d4f2.en.html
http://www.cvedetails.com/cve/CVE-2010-4344/
Thanks for posting back your findings! (I marked the thread solved.)
Were you running a version prior to 4.70?
If so, and this has corrected your problem, would you please mark the thread as solved? Otherwise, if you are still having problems, we can start looking for other causes. As you have noticed, there is an active thread or two regarding exim exploits. If these upgrades didn't fix your problem, your contribution to the investigation might be beneficial.
Edit: already marked solved.
Quote:
@wulu: please see http://www.linuxquestions.org/questi...eaders-837856/