[Dovecot] from ISC: Exim/Dovecot exploit making the rounds
lists at luigirosa.com
Sun Jun 9 10:58:12 EEST 2013
One of our readers wrote in to let us know that he had received an attempted
Exim/Dovecot exploit attempt against his email server. The exploit partially
looked like this:
(Obviously edited for your safety, and I didn't post the whole thing.)
This is an exploit against Dovecot that is using the feature "use_shell" against
itself. This feature, unfortunately, is found in the example wiki on Dovecot's
website, and also in their example configuration. We'd caution anyone that is
using Dovecot to take a look at their configuration and make use they aren't
using the "use_shell" parameter. Or if you are, make darn sure you know what
you are doing, and how to defend yourself.
The generation of random numbers is too important to be left to chance.
More information about the dovecot