This is not an IMAP server software vulnerability announcement. However, you should check your systems and make sure that you are not vulnerable to this attack.
We've recently seen an attack on IMAP servers where the following user names are tried: root, admin, webmaster, user, test, web, www, administrator, oracle, sybase, informix, oracle8, backup, lizdy, server, data, account, access, pwrchute. This suggests that the attacker is looking for accounts with default or empty passwords in accounts that are not shell-loginable. Be sure that if you have any such accounts that they all have passwords disabled. One source of the attack is mar-gw-01-213245050186.chello.fr, IP address 213.245.50.186. -- Mark -- http://staff.washington.edu/mrc Science does not emerge from voting, party politics, or public debate. Si vis pacem, para bellum. -- ----------------------------------------------------------------- For information about this mailing list, and its archives, see: http://www.washington.edu/imap/imap-list.html -----------------------------------------------------------------
