The latest top 10 Linux/Unix security holes
Published: 04 Nov 2003 12:10 GMT
SANS and the FBI have once again teamed up to release an updated version of their list of the most exploited IT security vulnerabilities. As usual, the list is split into Windows flaws and Linux/UNIX flaws. Having covered the top 10 Windows vulnerabilities in a recent article, I have put together a similar summary of the Linux/UNIX list.
Linux/UNIX list
The following are the top 10 Linux/UNIX flaws, listed in order, starting with the most dangerous.
- 1. BIND Domain Name System
Please note that the people who developed and support BIND are not really to blame for the many successful attacks. The original holes may have been their fault, but no software is perfect, and ISC, which maintains BIND, is quick to provide patches or updated versions once a problem is reported. The problem is that administrators tend to keep running older versions of BIND, because they continue to work well, and don't regularly update their software.
The BIND Web site is replete with warnings to update to current versions in order to eliminate known vulnerabilities. Failure to do so is the primary reason so many attacks against BIND succeed: a vast number of very old and badly configured BIND installations are still in use.
Most Linux/UNIX distributions ship with BIND, which accounts for its widespread use, and every Linux/UNIX administrator needs to be aware of the multiple vulnerabilities found in older, unpatched versions.
The SANS/FBI Web page also provides some general configuration recommendations; applying them will greatly reduce potential vulnerabilities, even if you aren't able to keep up with the latest patches.
- 2. Remote Procedure Calls (RPC)
One of the biggest threats posed by RPC services is that they often execute with elevated privileges they do not need, which can give an attacker easy access to the root (administrator) account. RPC is enabled on many systems, and because unneeded RPC services are frequently left running, it is a threat to most Linux/UNIX installations. The first step in reducing RPC threats is to remove these unnecessary services.
SANS offers suggestions on how to lock down unneeded RPC services. Because most installations can't simply disable all RPC services, this is one of those critical features that administrators must maintain on an ongoing basis. The fact that RPC keeps showing up on these vulnerability lists shows that many systems aren't being configured or maintained to handle it properly.
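As an added example, not taken from the article or from SANS, the following POSIX shell check lists every RPC service registered with the portmapper that is not on an explicit allowlist, which is the inventory step before removing unneeded services. The allowlist names and the sample `rpcinfo -p` output are constructed assumptions, not data from the page.

```shell
#!/bin/sh
# Added example: flag RPC programs registered with the portmapper that are
# not on an explicit allowlist. Input is the output of `rpcinfo -p`, or the
# constructed sample below when the example is run offline.

# Constructed sample of `rpcinfo -p` output for a host that serves NFS.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32768  status
    100024    1   tcp  32769  status
    100003    2   udp   2049  nfs
    100005    1   udp    635  mountd
    100021    1   udp  32770  nlockmgr'

# unexpected_rpc_services "ALLOWLIST"
#   Reads `rpcinfo -p` output on stdin and prints, one per line, each distinct
#   service name that is not in the space-separated ALLOWLIST. Exits 0 when
#   nothing unexpected is registered, 1 otherwise, so it can gate a cron job.
unexpected_rpc_services() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "program" { next }                        # skip the header line
        NF >= 5 && !($5 in ok) && !seen[$5]++ { print $5; bad = 1 }
        END { exit bad ? 1 : 0 }
    '
}

# live_rpc_audit "ALLOWLIST"
#   Runs the same check against the current host. Falls back to the
#   constructed sample when rpcinfo is not installed, so the example
#   still runs offline.
live_rpc_audit() {
    if command -v rpcinfo >/dev/null 2>&1; then
        rpcinfo -p 2>/dev/null
    else
        printf '%s\n' "$SAMPLE_RPCINFO"
    fi | unexpected_rpc_services "$1"
}

# Assumed allowlist for an NFS server; anything else is reported.
live_rpc_audit "portmapper nfs mountd nlockmgr"
```

Each reported name is a candidate for removal from the service configuration (or from the portmapper registration), after confirming no client on the host depends on it.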