[102539] in RedHat Linux List
{OT}[Fwd: MSNBC Scare Tactics?]
daemon@ATHENA.MIT.EDU (Tom Burke)
Thu Dec 3 19:19:25 1998
Date: Thu, 03 Dec 1998 18:16:38 -0500
From: Tom Burke <tomii@erols.com>
To: redhat-list@redhat.com
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com
A friend sent me the link to this article... My understanding is that this
affects almost _any_ IMAP server installation. Also, RH 5.0 is kind of old,
now, anyway..
Burke, Thomas G. wrote:
> Hackers exploit Linux mail 'worm'
> A hole found in June is still being exploited by hackers
>
> Network operators around the world are trying to eradicate a "worm" program
> that has taken over the central programming of many of their computers and
> disrupted operations.
>
> THE INTRUSION APPEARS to be aimed at Internet service providers'
> Internet Message Access Protocol (IMAP) servers, which manage e-mail
> systems. Networks running the Linux operating system version 5.0 from Red
> Hat Software Inc. on Intel Corp.-based machines appear to be particularly
> susceptible.
>
> The problem was identified in June by the Computer Emergency Response
> Team at Carnegie Mellon University. Red Hat, as well as other vendors,
> posted software fixes, but not everyone was aware of the breach; some didn't
> patch their operating software.
>
> Now, hackers are using the weakness to perpetuate the worm program.
> The program quietly takes over key components of the root, or central,
> program and uses the host computer to probe and attack other networks
> without the systems administrator's knowledge.
>
> "The problem with these things is that once they become known,
> hackers use the CERT advisories to probe networks," said Daniel Senie,
> president of Amaranth Networks Inc. Someone tried to break into Senie's
> network to find the IMAP weak spot, but the firewall held.
>
> The hacker left a few clues behind: The attacks came from California
> Polytechnic State University, the City University of New York and several
> other schools. But those locations aren't likely to be the hackers' home
> base. "They've done a reasonable job making it look like the [code] they
> added was there all along," he said.