[Dovecot] Security Hole in 1.0.13?

Odhiambo Washington odhiambo at gmail.com
Sun May 18 10:10:32 EEST 2008


On Sun, May 18, 2008 at 10:03 AM, Lawrence Sheed <
Lawrence at computersolutions.cn> wrote:

> Corrected that in the conf file.
>
> If I check the dovecot user, I see its been compromised also - a bunch of
> crap in their login folder.
> I didn't create the dovecot.conf with a /var/run/dotvecot though, so
> someone else did that.
>
> More updates as I check further.
>


If you allow your system to be compromised, you cannot attribute that to a
particular application, unless you can prove the fact that that application
led to the security hole.
For now, it's easy to just take that 0wn3d host offline and deal with it -
or just format the damn thing as it'll not be easy to track down the hole(s)
now existing on your system. I'd do that, but I'd have to record that as a
major milestone in my sysadmin life since I've never been so luck to get
v1s1t3d by aliens:-)

Get the humor flowing.... I was having a really boring Sunday!

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

"Oh My God! They killed init! You Bastards!"
--from a /. post


More information about the dovecot mailing list