The Most Current Linux/Unix Exploits
Results 1 to 6 of 6

Thread: The Most Current Linux/Unix Exploits

  1. #1
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675

    The Most Current Linux/Unix Exploits??

    Good Evening,

    What are the most current exploited threats in Linux/UNIX systems?

    1 - The top Linux/UNIX threat continues to be the Internet's most popular DNS server software, BIND (Berkeley Internet Name Domain). Buffer overruns and cache poisoning are common attack vectors…

    2 - Next on the list is the generic Linux/UNIX Web server, which includes Apache and other servers…

    3 - The third-rated vulnerability is the password (and other authentication methods)…

    4 - Fourth are version-control systems, specifically the most popular, Concurrent Versions System (CVS) and Subversion…

    5 - Email services are the fifth most common attack vectors. Sendmail is still the most widely used mail transport agent (MTA) on Linux/UNIX, and it has a number of vulnerabilities. Qmail, Courier, Exim and Postfix are newer alternatives with their own vulnerabilities…

    6 - It should come as no surprise that a remote network management tool poses considerable risks to networks, and SNMP, which is usually enabled by default, comes in as the sixth most commonly exploited weakness…

    7 - Multiple vulnerabilities in the OpenSSL encryption tool library makes this number seven on the list…

    8 - Enterprise NIS and NSF Servers that haven't been configured properly are the next biggest threat…

    9 - Databases are designed to be accessed but vulnerabilities can sometimes let remote attackers exploit the open nature of these applications to piggy-back their way into a network…

    10 - Kernel vulnerabilities round out the list at the tenth position.
    For brevity, I listed only the problems. The article provides some viable solutions to those issues. Click Here:

    SANS keeps the list current, so it might be a good idea to bookmark the url and check it every so often. Additionally, the list for both Win & Linux/Unix can be found Here:

    Cheers
    Connection refused, try again later.

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Maybe it's me but isn't this rather dated in their choices as to what is number 1? Bind hasn't had an exploit in over a year at this point and really, doing a quick glance at the list indicates that SNMP has had more problems this year than many of the others. What I did notice in my glance is that many are at least 6 months old.

    Too much attention on IE by attackers perhaps? (take the easy route rather than take on a challenge?)
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    MsM

    They list a fairly recent date, but I guess they only count "successful attacks". Maybe some selective speculation as well.

    Although there are thousands of security incidents each year affecting these operating systems, the overwhelming majority of successful attacks target one or more of these twenty vulnerable services.
    Connection refused, try again later.

  4. #4
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    So a lot of attacks are based on older exploits? Which harks back to a lack of updating and/or patching by system administrators.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  5. #5
    Senior Member
    Join Date
    Mar 2003
    Posts
    245
    The list makes sense because those are the kinds of things that an externally facing Unix host is likely to be running. You don't see things like LDAP, NIS+, SMC and the like because only a Kamikaze SysAdmin would ever let those kinds of services in the DMZ.

    I would agree with MsMittens and suggest in addition that any machines patched up to date are unlikely to be exploitable save perhaps poor or neglegent configuration... Which is usually the real underlying problem with a vulnerable DNS, Sendmail, Apache, etc. server.

    For example, when Apache.org was hacked, it was literally due to failure to follow their own sage configuration advice.

    -- spurious

    Note that the Raq3 and above Linux web servers that are so popular with low-end hosting companies have good security records by comparison, despite running a 2.2 Kernel, and older versions of about every package.... Point is that a well configured system is half the battle!
    Get OpenSolaris http://www.opensolaris.org/

  6. #6
    Senior Member
    Join Date
    Apr 2004
    Posts
    228
    Originally posted here by spurious_inode
    For example, when Apache.org was hacked, it was literally due to failure to follow their own sage configuration advice.
    You made me wake up my neighbours laughing LoL
    Don\'t post if you\'ve got nothing constructive to say. Flooding is annoying

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides