Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Scans for IPSwitch IMail LDAP vuilnerability

From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Tue, 24 Feb 2004 19:19:52 +0300
Dear full-disclosure () lists netsys com,

Information  was  received  from  Kaspersky  Labs,  there  is  increased
activity   on   TCP/389   (LDAP)   port.  Analysis  of  captured  packet
demonstrates  attempt  to  exploit  IPSwitch  IMail  LDAP vulnerability.
Packet  contains  universal reverse shell shellcode. Trojan is installed
on owned host (listens on TCP/21 and pretends to be wu-ftpd).

Best solution is to filter TCP/389.

-- 
http://www.security.nnov.ru
         /\_/\
        { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   } You know my name - look up my number (The Beatles)
+-------------o66o--+ /
                    |/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: