-----BEGIN PGP SIGNED MESSAGE----- Phil Howard wrote:
Daniel Senie wrote:
The frequency of IMAP attacks is increasing, and the number of IP addresses scanned per attack seems to be increasing as well.
I don't know if these attacks are specific to Red Hat Linux or if other UNIX systems are at risk.
The CERT Coordination Center issued a CERT Advisory regarding vulnerabilities in some implementations of IMAP servers on June 20, 1998. The advisory is CA-98.09 and is available from: * http://www.cert.org/advisories/CA-98.09.imapd.html This vulnerability is not specific to Red Hat Linux systems, though the particular exploit used by a particular intruder may be platform specific. The Advisory provides vulnerability information for other vendors. It may be worth noting that the life-cycle of these types of vulnerabilities may be longer than some people think. There was another IMAP vulnerability widely exploited in 1997 for which an advisory was released: * CA-97.09, Vulnerability in IMAP and POP http://www.cert.org/advisories/CA-97.09.imap_pop.html Well-known vulnerabilities tend to become incorporated into exploit tools which then become widely available and widely used. To this day, we still receive occasional reports of incidents which are covered by the 1997 Advisory. The history can be seen by looking at the CERT Summaries, which are normally published each quarter: * CS-97.06 http://www.cert.org/summaries/CS-97.06.html * CS-97.05 http://www.cert.org/summaries/CS-97.05.html * CS-97.04 - Special Edition http://www.cert.org/summaries/CS-97.04.html We see a similar life-cycle for most vulnerabilities for which we publish Advisories, including the IMAP vulnerability discussed in CA-98.09. You may also wish to look for probes to services other than IMAP. The CERT/CC continues to receive numerous daily reports indicating tools which scan networks for many different vulnerabilities are still in widespread use within the intruder community. For more information, see: * IN-98.04, Advanced Scanning http://www.cert.org/incident_notes/IN-98.04.html * IN-98.02, New Tools Used for Widespread Scans http://www.cert.org/incident_notes/IN-98.02.html We encourage sites who do experience security incidents to report the incidents to cert@cert.org. Our incident reporting guidelines are located at: * http://www.cert.org/tech_tips/incident_reporting.html Regards, Kevin - -- Kevin J. Houle Technical Coordinator __________________________________________________________ CERT* Coordination Center | cert@cert.org Software Engineering Institute | Hotline : +1 412.268.7090 Carnegie Mellon University | FAX : +1 412.268.6989 Pittsburgh, PA 15213-3890 | http://www.cert.org/ ========================================================== *Registered U.S. Patent and Trademark Office. The Software Engineering Institute is sponsored by the U.S. Department of Defense. -----BEGIN PGP SIGNATURE----- Version: PGP for Business Security 5.5 iQCVAwUBNlnq3XVP+x0t4w7BAQGyZwQA3P+XmRAJ49p8GEiNL4FOvM1RB8XJA0nB il2G1OzQ9KhqofFjh2fRyojnn/3xNEzm69kkD5Bkf8Y1HIMpWV5Jxiy6gWnUQ2HQ KvVOiOKXrlNlx5oHpRo3VOYf4Vg/xTEbk+UWQmsLkbPhRdLw7UQE9xSUVazgV79j 83GJlFsZnGQ= =9DOh -----END PGP SIGNATURE-----