[Dovecot] from ISC: Exim/Dovecot exploit making the rounds

Luigi Rosa lists at luigirosa.com
Sun Jun 9 10:58:12 EEST 2013

One of our readers wrote in to let us know that he had received an attempted 
Exim/Dovecot exploit attempt against his email server.  The exploit partially 
looked like this:


(Obviously edited for your safety, and I didn't post the whole thing.)

This is an exploit against Dovecot that is using the feature "use_shell" against 
itself.  This feature, unfortunately, is found in the example wiki on Dovecot's 
website, and also in their example configuration.  We'd caution anyone that is 
using Dovecot to take a look at their configuration and make use they aren't 
using the "use_shell" parameter.  Or if you are, make darn sure you know what 
you are doing, and how to defend yourself.



+--[Luigi Rosa]--

The generation of random numbers is too important to be left to chance.

More information about the dovecot mailing list