
Possible CA-2003-12 exploit

Discussion in 'General Discussion' started by jeroman8, Jan 19, 2007.

  1. jeroman8

    Hello!

    Starting a short while back, we can't send mail to a certain host because they
    seem to have high security filters or something.
    This applies to only one of our servers - the other servers with the same setup
    can send, so I guess there is something wrong with this server.
    We can't send from Webmail = sendmail.

    zzzz@zzz.com
    SMTP error from remote mail server after end of data:
    host smtp.zzz.com [000.000.111.111]: 550 Error:
    Possible CA-2003-12 exploit

    The CA-2003-12 exploit is a sendmail exploit related to a buffer overflow.
    Seems the header "can" be rewritten causing something...!

    Since the other server is stopping the mail and says it's a CA-2003-12 exploit,
    I guess the header has been rewritten since they can see this.
    Other mail servers are accepting the mail OK.

    Does anyone know what to do - how can I see if it's being rewritten?
    I'm checking the mail header but can't see anything.

    The sendmail program has the exact same size and update date as on my
    other servers.
    I have run upcp force with the new build (current instead) and then I ran eximup --force.
    That did not help.

    Any suggestion or info appreciated!
     
  2. chirpy

    Since cPanel doesn't use sendmail the recipient has got it wrong. Only they can answer why they're blocking the email from a non-sendmail MTA.
     
  3. jeroman8

    Hi Chirpy - so the sendmail script on the server, /usr/sbin/sendmail,
    is really exim and not the "real sendmail" program?


    Thanks, Jerry
     
  4. jeroman8

    sorry, dup post
     
  5. xerophyte

    If you have Linux and it's RPM-based, type


    Code:
    rpm -qf  /usr/sbin/sendmail
    You will find out that the sendmail binary is from exim:
    Code:
    rpm -qf  /usr/sbin/sendmail
    exim-4.63-1_cpanel_maildir
    
    hope that helps
     
  6. jeroman8

    Yup, thanks!
    exim-4.63-1_cpanel_maildir

    Strange that they only block one of our servers and not all, since all run the same stuff.
    Maybe there is something strange on the server....
    But the exploit is for sendmail so that's funny!

    Anyway, contacted their network staff and they will look into it.
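
The check xerophyte describes, extended to follow symlinks first and to fall back from rpm to dpkg. This is an added example, not code from any post in this thread or from cPanel; the function names and the name-matching patterns are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: identify which MTA really sits behind a "sendmail" path.

# Map a package name or file name to an MTA family. exim and postfix are
# tested first because their compatibility binaries often contain "sendmail".
classify_mta() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        *exim*)     echo exim ;;
        *postfix*)  echo postfix ;;
        *sendmail*) echo sendmail ;;
        *)          echo unknown ;;
    esac
}

# Print the package owning a file (rpm first, then dpkg); nothing if unowned.
owning_package() {
    if command -v rpm >/dev/null 2>&1 && pkg=$(rpm -qf "$1" 2>/dev/null); then
        echo "$pkg"
    elif command -v dpkg >/dev/null 2>&1 && pkg=$(dpkg -S "$1" 2>/dev/null); then
        echo "${pkg%%:*}"            # strip ": /path" from dpkg's output
    fi
}

identify_mta() {
    path=${1:-/usr/sbin/sendmail}
    [ -e "$path" ] || { echo "$path: not found" >&2; return 1; }
    # Follow symlinks (e.g. alternatives) so the package query hits the real file.
    real=$(readlink -f "$path")
    hint=$(owning_package "$real")
    pkgname=${hint:-none}
    # With no owning package, fall back to the resolved file name, but only if it
    # differs from the name asked about: a file merely named sendmail proves nothing.
    if [ -z "$hint" ] && [ "$(basename "$real")" != "$(basename "$path")" ]; then
        hint=$(basename "$real")
    fi
    echo "path=$path real=$real package=$pkgname mta=$(classify_mta "$hint")"
}

# Run against the path given on the command line, if any.
if [ $# -gt 0 ]; then identify_mta "$1"; fi
```

Called as `identify_mta /usr/sbin/sendmail`, it prints the resolved path, the owning package and the MTA family on one line.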
     