breaking into the system through cyrus account ?

Rudi Bruchez rudi_list at babaluga.com
Tue Jun 3 03:10:55 EDT 2008


Hello,

I'm using Cyrus on a Debian box, with pop3s. I found some time ago that 
someone was able to place a spamming tool in the /var/spool/cyrus/ 
directory. I cleaned it and changed all my passwords. All seemed ok.

I figured out this week that an IRC bot was at the same place. I changed 
my passwords again, and upgraded to the last Cyrus Debian package.
It looks like the cracker gained root access. I don't have the time and 
window to reinstall my system. My question would be : have you already 
heard of such breaks ?
The Cyrus account has shell access in passwd. Is it necessary ? Could I 
put it to /bin/false, and change it when I want to su to it for changing 
smth ?

Thanks !

Rudi



More information about the Info-cyrus mailing list