On Jun 3, 2008, at 3:10 AM, Rudi Bruchez wrote:
Hello,
I'm using Cyrus on a Debian box, with pop3s. I found some time ago
that
someone was able to place a spamming tool in the /var/spool/cyrus/
directory. I cleaned it and changed all my passwords. All seemed ok.
Hopefully you are keeping up to date with these security issues with
Debian SSL and OpenSSH:
http://www.debian.org/security/2008/dsa-1571
http://www.debian.org/security/2008/dsa-1576
I figured out this week that an IRC bot was at the same place. I
changed
my passwords again, and upgraded to the last Cyrus Debian package.
It looks like the cracker gained root access. I don't have the time
and
window to reinstall my system. My question would be : have you already
heard of such breaks ?
The Cyrus account has shell access in passwd. Is it necessary ?
Could I
put it to /bin/false, and change it when I want to su to it for
changing
smth ?
Thanks !
Rudi
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html