[Dovecot] Security Hole in 1.0.13?
Odhiambo Washington
odhiambo at gmail.com
Sun May 18 10:51:47 EEST 2008
On Sun, May 18, 2008 at 10:19 AM, Lawrence Sheed <
Lawrence at computersolutions.cn> wrote:
> Typically before I kill a system thats been compromised, I try to find out
> the reason, so it DOESNT happen again.
>
> In this instance I have 2 systems with exactly the same "issue"
>
> Both were running smoothly until about last week, then load spikes were
> observed.
>
> In both systems, the the attacker has changed the dovecot.conf to point at
> dotvecot
> I'm guessing around the 13th as thats when the /var/run/dovecot folder was
> updated.
>
> I'll do the rest offlist.
>
> Andraz, thank you.
> Washington, you're an asshole.
I agree, but .....
It's made you come up with more details to make someone start thinking.
Now you are heading towards Timo's cash offer to anyone who can discover and
point out a security hole in dovecot, but you are a little far away still.
We are all interested in what you find out ultimately, and I stop being an
asshole now, so please share with us everything. As I told you, I run same
version of dovecot as you on over 20 servers. They are all FreeBSD and
configured the same in all aspects except domain names/ip addresses.
Your discovery could help me and others as well.
--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"Oh My God! They killed init! You Bastards!"
--from a /. post
More information about the dovecot
mailing list