[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Scans for IPSwitch IMail LDAP vuilnerability

To: full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] Scans for IPSwitch IMail LDAP vuilnerability
From: 3APA3A <3APA3A@SECURITY.NNOV.RU>
Date: Tue, 24 Feb 2004 19:19:52 +0300

Dear full-disclosure@lists.netsys.com,

Information  was  received  from  Kaspersky  Labs,  there  is  increased
activity   on   TCP/389   (LDAP)   port.  Analysis  of  captured  packet
demonstrates  attempt  to  exploit  IPSwitch  IMail  LDAP vulnerability.
Packet  contains  universal reverse shell shellcode. Trojan is installed
on owned host (listens on TCP/21 and pretends to be wu-ftpd).

Best solution is to filter TCP/389.

-- 
http://www.security.nnov.ru
         /\_/\
        { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   } You know my name - look up my number (The Beatles)
+-------------o66o--+ /
                    |/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: RE: [Full-Disclosure] RE: Windows XP explorer.exe heap overflow.
Next by Date: RE: [Full-Disclosure] Double copies
Previous by thread: RE: [work] [Full-Disclosure] Re: Would you trust these Emails (EBAY & PAYPAL)
Next by thread: [Full-Disclosure] MDKSA-2004:015 - Updated kernel packages fix multiple vulnerabilities
Index(es):
- Date
- Thread