Category: SANS Internet Storm Center

Shellshock via SMTP, (Fri, Oct 24th)

I've received several reports of what appears to be shellshock exploit attempts via SMTP. The sources so far have all been webhosting providers, so I'm assuming these are compromised systems. The payload is an IRC perl bot with simple DDoS commands and the ability to fetch and execute further code.

Are you receiving Empty or "Hi" emails?, (Fri, Oct 24th)

I wanted to perform a little unscientific information gathering. I'm working with a small group who think they're being specifically targeted by these, while I think it's more widespread and opportunistic. If you've recently received these no-content probe emails, or a simple "Hi" message, please send a simple comment below in this format:

Industry
Order of magnitude in size (e.g. 10, 100, 1000)
Sending domain

Feel free to use our comment page to add extra analysis comments here: https://isc.sans.edu/contact.html

(c) SANS Internet Storm Center.

telnetd rulez: Cisco Ironport WSA Telnetd Remote Code Execution Vulnerability, (Wed, Oct 22nd)

We received the following vulnerability advisory for a remote code execution vuln identified and reported in Cisco's Ironport WSA Telnetd.

Vendor: Cisco
Product web page: http://www.cisco.com
Affected version: Cisco Ironport WSA – AsyncOS 8.0.5 for Web build 075
Date: 22/05/2014
Credits: Glafkos Charalambous
CVE: CVE-2011-4862
CVSS Score: 7.6
Impact: Unauthenticated Remote Code Execution with elevated privileges
Description: The Cisco Ironport WSA virtual appliances are vulnerable to an old FreeBSD telnetd encryption Key ID buffer overflow which allows remote attackers to execute arbitrary code (CVE-2011-4862).