Thread: The Most Current Linux/Unix Exploits

  1. #1
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675

    The Most Current Linux/Unix Exploits??

    Good Evening,

    What are the most current exploited threats in Linux/UNIX systems?

    1 - The top Linux/UNIX threat continues to be the Internet's most popular DNS server software, BIND (Berkeley Internet Name Domain). Buffer overruns and cache poisoning are common attack vectors…

    2 - Next on the list is the generic Linux/UNIX Web server, which includes Apache and other servers…

    3 - The third-rated vulnerability is the password (and other authentication methods)…

    4 - Fourth are version-control systems, specifically the most popular, Concurrent Versions System (CVS) and Subversion…

    5 - Email services are the fifth most common attack vectors. Sendmail is still the most widely used mail transport agent (MTA) on Linux/UNIX, and it has a number of vulnerabilities. Qmail, Courier, Exim and Postfix are newer alternatives with their own vulnerabilities…

    6 - It should come as no surprise that a remote network management tool poses considerable risks to networks, and SNMP, which is usually enabled by default, comes in as the sixth most commonly exploited weakness…

    7 - Multiple vulnerabilities in the OpenSSL encryption tool library make this number seven on the list…

    8 - Enterprise NIS and NFS servers that haven't been configured properly are the next biggest threat…

    9 - Databases are designed to be accessed but vulnerabilities can sometimes let remote attackers exploit the open nature of these applications to piggy-back their way into a network…

    10 - Kernel vulnerabilities round out the list at the tenth position.
    For brevity, I listed only the problems. The article provides some viable solutions to those issues. Click Here:

    SANS keeps the list current, so it might be a good idea to bookmark the url and check it every so often. Additionally, the list for both Win & Linux/Unix can be found Here:

    Cheers
    Connection refused, try again later.
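The ten categories above are service families, so a quick way to see which of them apply to a given host is to take a listener inventory and check what is bound beyond loopback. The script below is an added example for this thread, not something from the post or from SANS: it parses `netstat -tuln` style output (the sample listing is constructed), maps well-known ports to the list's categories (that port mapping is an assumption based on the usual port assignments), and reports which categories are reachable from other hosts versus bound to 127.0.0.1 only.

```python
"""
Added example, not part of the original thread: inventory listening sockets
from a `netstat -tuln` style listing and flag those that fall into the
service categories of the quoted SANS Top-10 Linux/UNIX list, noting whether
each is bound to all interfaces (reachable from the network) or only to
loopback. The port-to-category mapping is an assumption (well-known ports);
the sample listing below is constructed for illustration.
"""
from collections import namedtuple

Listener = namedtuple("Listener", "proto addr port")

# Assumed mapping from the list's categories to their usual service ports.
CATEGORY_PORTS = {
    "1 BIND/DNS":        {53},
    "2 Web server":      {80, 443, 8080},
    "4 Version control": {2401, 3690},              # CVS pserver, svnserve
    "5 Mail (MTA)":      {25, 465, 587},
    "6 SNMP":            {161, 162},
    "8 NIS/NFS":         {111, 2049},               # portmapper/rpcbind, nfsd
    "9 Databases":       {1433, 1521, 3306, 5432},
}

LOOPBACK = {"127.0.0.1", "::1"}
WILDCARD = {"0.0.0.0", "*", "::"}

# Constructed sample in netstat -tuln layout (Proto Recv-Q Send-Q Local Foreign State).
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2049            0.0.0.0:*               LISTEN
tcp6       0      0 :::25                   :::*                    LISTEN
udp        0      0 0.0.0.0:161             0.0.0.0:*
udp        0      0 0.0.0.0:111             0.0.0.0:*
"""


def _split_addr(field):
    """Split 'addr:port' (IPv4, '[v6]:port' or netstat's ':::port') into (addr, port) or None."""
    if ":" not in field:
        return None
    addr, port = field.rsplit(":", 1)
    if not port.isdigit():
        return None  # e.g. the foreign column's '*' port
    return addr.strip("[]"), int(port)


def parse_listeners(text):
    """Return a Listener for every tcp/udp line; headers and non-socket lines are skipped."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or not fields[0].lower().startswith(("tcp", "udp")):
            continue
        for field in fields[1:]:
            parsed = _split_addr(field)
            if parsed:  # first parsable address column is the local address
                listeners.append(Listener(fields[0][:3].lower(), parsed[0], parsed[1]))
                break
    return listeners


def classify(listeners):
    """Return (listener, category, exposure) for every listener in a listed category."""
    findings = []
    for lst in listeners:
        for category, ports in CATEGORY_PORTS.items():
            if lst.port in ports:
                if lst.addr in LOOPBACK:
                    exposure = "loopback-only"
                elif lst.addr in WILDCARD:
                    exposure = "all-interfaces"
                else:
                    exposure = "specific-interface"
                findings.append((lst, category, exposure))
    return findings


def exposed_services(text):
    """Categories from the list that are reachable beyond loopback, ordered by list rank."""
    return sorted({cat for _, cat, exp in classify(parse_listeners(text))
                   if exp != "loopback-only"})


if __name__ == "__main__":
    for lst, category, exposure in classify(parse_listeners(SAMPLE)):
        print(f"{lst.proto}/{lst.port:<5} {lst.addr:<10} {exposure:<18} -> {category}")
    print("Externally reachable categories:", ", ".join(exposed_services(SAMPLE)))
```

On a real host, feed it the output of `netstat -tuln` (or a saved copy from several machines) instead of `SAMPLE`; anything reported as `all-interfaces` in one of the listed categories is where the article's configuration and patching advice applies first, while `loopback-only` entries (the MySQL listener in the sample) are not reachable from the network at all.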

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Maybe it's me but isn't this rather dated in their choices as to what is number 1? Bind hasn't had an exploit in over a year at this point and really, doing a quick glance at the list indicates that SNMP has had more problems this year than many of the others. What I did notice in my glance is that many are at least 6 months old.

    Too much attention on IE by attackers perhaps? (take the easy route rather than take on a challenge?)
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    MsM

    They list a fairly recent date, but I guess they only count "successful attacks". Maybe some selective speculation as well.

    Although there are thousands of security incidents each year affecting these operating systems, the overwhelming majority of successful attacks target one or more of these twenty vulnerable services.
    Connection refused, try again later.

  4. #4
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    So a lot of attacks are based on older exploits? Which harks back to a lack of updating and/or patching by system administrators.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  5. #5
    Senior Member
    Join Date
    Mar 2003
    Posts
    245
    The list makes sense because those are the kinds of things that an externally facing Unix host is likely to be running. You don't see things like LDAP, NIS+, SMC and the like because only a Kamikaze SysAdmin would ever let those kinds of services in the DMZ.

    I would agree with MsMittens and suggest in addition that any machines patched up to date are unlikely to be exploitable save perhaps poor or negligent configuration... Which is usually the real underlying problem with a vulnerable DNS, Sendmail, Apache, etc. server.

    For example, when Apache.org was hacked, it was literally due to failure to follow their own sage configuration advice.

    -- spurious

    Note that the Raq3 and above Linux web servers that are so popular with low-end hosting companies have good security records by comparison, despite running a 2.2 Kernel, and older versions of about every package.... Point is that a well configured system is half the battle!
    Get OpenSolaris http://www.opensolaris.org/

  6. #6
    Senior Member
    Join Date
    Apr 2004
    Posts
    228
    Originally posted here by spurious_inode
    For example, when Apache.org was hacked, it was literally due to failure to follow their own sage configuration advice.
    You made me wake up my neighbours laughing LoL
    Don't post if you've got nothing constructive to say. Flooding is annoying
