[Zope-dev] possible compromise
Jamie Heilman
jamie at audible.transient.net
Mon Oct 13 20:54:40 EDT 2003
Chris Pelton wrote:
> So, would anybody have any ideas how to determine if this might have
> been compromised? Or is there a known mail relay exploit through zope
> somehow? I've checked system binaries and everything seems fine. None of
> the python files seem to have been changed since well before the
> relaying started.
It might help to know the version of zope which you may be able to find
it in the version.txt file distributed with zope releases. That said,
there hasn't been a known relay exploit to the best of my knowledge,
but there are many ways to implement a web application that sends mail
in zope, and it wouldn't be at all surprising if the implementation of
your system was vulnerable.
Do you know enough about Zope to discuss the implementation of your
web application? We can throw out a bazillion ideas but thats a
painfully slow way to determine what really happened.
--
Jamie Heilman http://audible.transient.net/~jamie/
"You came all this way, without saying squat, and now you're trying
to tell me a '56 Chevy can beat a '47 Buick in a dead quarter mile?
I liked you better when you weren't saying squat kid." -Buddy
More information about the Zope-Dev
mailing list