IMAP attacks continue
Kevin Houle
kjh at cert.org
Mon Nov 23 23:10:14 UTC 1998
Phil Howard wrote:
>
> Daniel Senie wrote:
>
> > The frequency of IMAP attacks is increasing, and the number of IP
> > addresses scanned per attack seems to be increasing as well.
>
> I don't know if these attacks are specific to Red Hat Linux or if other
> UNIX systems are at risk.

The CERT Coordination Center issued a CERT Advisory regarding
vulnerabilities in some implementations of IMAP servers on
June 20, 1998. The advisory is CA-98.09 and is available from:

* http://www.cert.org/advisories/CA-98.09.imapd.html

This vulnerability is not specific to Red Hat Linux systems,
though the particular exploit used by a particular intruder
may be platform specific. The Advisory provides vulnerability
information for other vendors.

It may be worth noting that the life-cycle of these types of
vulnerabilities may be longer than some people think. There
was another IMAP vulnerability widely exploited in 1997 for
which an advisory was released:

* CA-97.09, Vulnerability in IMAP and POP
  http://www.cert.org/advisories/CA-97.09.imap_pop.html

Well-known vulnerabilities tend to become incorporated into
exploit tools which then become widely available and widely
used. To this day, we still receive occasional reports of
incidents which are covered by the 1997 Advisory. The history
can be seen by looking at the CERT Summaries, which are
normally published each quarter:

* CS-97.06
  http://www.cert.org/summaries/CS-97.06.html
* CS-97.05
  http://www.cert.org/summaries/CS-97.05.html
* CS-97.04 - Special Edition
  http://www.cert.org/summaries/CS-97.04.html

We see a similar life-cycle for most vulnerabilities for
which we publish Advisories, including the IMAP vulnerability
discussed in CA-98.09.

You may also wish to look for probes to services other than IMAP.
The CERT/CC continues to receive numerous daily reports indicating
tools which scan networks for many different vulnerabilities are
still in widespread use within the intruder community. For more
information, see:

* IN-98.04, Advanced Scanning
  http://www.cert.org/incident_notes/IN-98.04.html
* IN-98.02, New Tools Used for Widespread Scans
  http://www.cert.org/incident_notes/IN-98.02.html

We encourage sites who do experience security incidents to
report the incidents to cert at cert.org. Our incident reporting
guidelines are located at:

* http://www.cert.org/tech_tips/incident_reporting.html

Regards,
Kevin

--
Kevin J. Houle
Technical Coordinator
__________________________________________________________
CERT* Coordination Center | cert at cert.org
Software Engineering Institute | Hotline : +1 412.268.7090
Carnegie Mellon University | FAX : +1 412.268.6989
Pittsburgh, PA 15213-3890 | http://www.cert.org/
==========================================================
*Registered U.S. Patent and Trademark Office.
The Software Engineering Institute is sponsored by the U.S.
Department of Defense.