Full Disclosure mailing list archives

Scans for IPSwitch IMail LDAP vulnerability
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Tue, 24 Feb 2004 19:19:52 +0300

Dear full-disclosure () lists netsys com,

Information was received from Kaspersky Labs that there is increased
activity on the TCP/389 (LDAP) port. Analysis of a captured packet
demonstrates an attempt to exploit the IPSwitch IMail LDAP vulnerability.
The packet contains universal reverse shell shellcode. A trojan is installed
on the owned host (it listens on TCP/21 and pretends to be wu-ftpd).

The best solution is to filter TCP/389.

-- 
http://www.security.nnov.ru
         /\_/\
        { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   } You know my name - look up my number (The Beatles)
+-------------o66o--+ /
                    |/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

