breaking into the system through cyrus account ?

Nik Conwell nik at bu.edu
Tue Jun 3 06:33:45 EDT 2008


On Jun 3, 2008, at 3:10 AM, Rudi Bruchez wrote:

> Hello,
>
> I'm using Cyrus on a Debian box, with pop3s. I found some time ago  
> that
> someone was able to place a spamming tool in the /var/spool/cyrus/
> directory. I cleaned it and changed all my passwords. All seemed ok.

Hopefully you are keeping up to date with these security issues with  
Debian SSL and OpenSSH:

http://www.debian.org/security/2008/dsa-1571
http://www.debian.org/security/2008/dsa-1576


> I figured out this week that an IRC bot was at the same place. I  
> changed
> my passwords again, and upgraded to the last Cyrus Debian package.
> It looks like the cracker gained root access. I don't have the time  
> and
> window to reinstall my system. My question would be : have you already
> heard of such breaks ?
> The Cyrus account has shell access in passwd. Is it necessary ?  
> Could I
> put it to /bin/false, and change it when I want to su to it for  
> changing
> smth ?
>
> Thanks !
>
> Rudi
>
> ----
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080603/1e9ab0a9/attachment.html 


More information about the Info-cyrus mailing list