Last Updated: 2013-06-07 14:18:12 UTC
by Joel Esler (Version: 1)
One of our readers wrote in to let us know that he had received an Exim/Dovecot exploit attempt against his email server. Part of the exploit looked like this:
(Obviously edited for your safety, and I didn't post the whole thing.)
This is an exploit against Dovecot that is using the feature "use_shell" against itself. This feature, unfortunately, is found in the example wiki on Dovecot's website, and also in their example configuration. We'd caution anyone who is using Dovecot to take a look at their configuration and make sure they aren't using the "use_shell" parameter. Or if you are, make darn sure you know what you are doing, and how to defend yourself.
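One way to run that configuration check, as an added example that is not part of the original diary: a small Python function that lists the transports in an Exim-style configuration where `use_shell` ends up enabled. It assumes the option sits in the `begin transports` section of the Exim config and is written in one of Exim's boolean forms; the sample config, transport names and delivery path are constructed for illustration.

```python
import re

# Constructed sample config (not from the diary); transport names are hypothetical.
SAMPLE_CONFIG = """\
begin routers
localuser:
  driver = accept
  transport = dovecot_deliver

begin transports
dovecot_deliver:
  driver = pipe
  command = /usr/lib/dovecot/deliver
  use_shell

safe_deliver:
  driver = pipe
  command = /usr/lib/dovecot/deliver
  no_use_shell

# use_shell = true   (comment line, must be ignored)
other_pipe:
  driver = pipe
  use_shell = false
"""

# Exim boolean forms: "use_shell", "no_use_shell", "not_use_shell", "use_shell = true|yes|false|no"
BOOL = re.compile(r"^(no_|not_)?use_shell\s*(?:=\s*(\S+))?$")
NAME = re.compile(r"^([A-Za-z0-9_]+):$")

def transports_with_use_shell(text):
    """Return the names of transports whose last use_shell setting is enabled."""
    section, name, state = None, None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        if line.lower().startswith("begin "):
            section, name = line.split()[1].lower(), None
            continue
        if section != "transports":
            continue                      # option belongs to another section
        if NAME.match(line):
            name = NAME.match(line).group(1)
        elif name and (m := BOOL.match(line)):
            negated, value = m.groups()
            enabled = (value or "true").lower() in ("true", "yes")
            state[name] = enabled and not negated
    return [n for n, on in state.items() if on]
```

Pass it the text of your own configuration file; any name it returns is a transport to review.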