The latest top 10 Linux/Unix security holes

John McCormick

Published: 04 Nov 2003 12:10 GMT


    3. Apache Web Server
Apache is very popular and is widely used. It is also less vulnerable to hacks than Microsoft's IIS, but that doesn't mean there is no need to update Apache or regularly check for newly discovered vulnerabilities. Some administrators who get hit with Apache hacks may not even be aware it's on their systems because it's often part of the default installation.

This would seem like a no-brainer, but if you don't need the Apache server, don't run it on your system. Of course, between all the legacy systems that admins have to manage and the dozens of patches and other vulnerabilities to deal with on an urgent basis, is it any wonder that there are a lot of older Apache versions out there that either shouldn't be running or that aren't patched?

If you do need to run Apache, there are things you can do to reduce the risk even if you can't patch it every time a new vulnerability is discovered: (1) don't run Apache as root, (2) disable any scripting languages you don't really need, and (3) run Apache in a chroot environment whenever possible.

    4. General UNIX Authentication Accounts with No Passwords or Weak Passwords
Now this one really is a no-brainer and many administrators will automatically dismiss this, but the fact is that it's still one of the most exploited vulnerabilities. I believe that my readers are probably too savvy to ignore the threat of weak passwords when configuring new systems, but consider whether you are managing legacy systems configured by someone else. I suspect that one reason so many systems are vulnerable to weak passwords is these legacy installations.

Another reason for this vulnerability is a simple and seemingly reasonable procedure that you probably don't even realise is dangerous. I'm referring to the common practice of using the same password for all new accounts. Even if you enforce a policy of resetting this at the first login, there is still a period when a password that is widely known to many current and former employees will be valid.
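One way to check a system for both conditions described in this section, as an added example that is not part of the original article: the script reads shadow(5)-format lines and reports accounts with an empty password field and accounts still carrying their initial password. It assumes the first-login reset is enforced by setting the last-change field to 0 (as `passwd -e` or `chage -d 0` do on Linux); the sample entries and the function name are constructed for illustration.

```python
import sys

# Constructed sample in /etc/shadow format; hashes are placeholders, not real.
# Fields: name:password:lastchg:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW = """\
root:$6$CONSTRUCTED$placeholder1:12345:0:99999:7:::
daemon:*:12000:0:99999:7:::
legacy:::0:99999:7:::
newhire:$6$CONSTRUCTED$placeholder2:0:0:99999:7:::
olduser:!$6$CONSTRUCTED$placeholder3:12100:0:99999:7:::
"""


def audit_shadow(text):
    """Return (account, finding) pairs for shadow-format text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3:
            findings.append((f"line {lineno}", "malformed"))
            continue
        user, password, lastchg = fields[0], fields[1], fields[2]
        if password == "":
            # Empty field: the account can be used with no password at all.
            findings.append((user, "empty-password"))
        elif password[0] in "!*":
            # Locked, or no valid hash: password login is not possible.
            continue
        elif lastchg == "0":
            # lastchg 0 means "must change at next login": the shared
            # initial password is still valid until the user first logs in.
            findings.append((user, "initial-password-still-valid"))
    return findings


if __name__ == "__main__":
    # With a path argument, audit that file (reading /etc/shadow needs root);
    # without one, audit the constructed sample above.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as handle:
            data = handle.read()
    else:
        data = SAMPLE_SHADOW
    for account, finding in audit_shadow(data):
        print(f"{account}: {finding}")
```

Accounts reported as `initial-password-still-valid` are the ones inside the exposure window described above; locking them until the new user is ready to log in closes that window.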

    5. Clear Text Services
Sniffer attacks are common, and the fact that many Linux/UNIX services such as FTP don't encrypt any part of the session, even the logon information, makes this a popular attack vector. Tcpdump will show you any clear text transmissions, and administrators should use it to look for vulnerabilities; after all, hackers do. To reduce the risk, consider using HTTPS, POP3S, or other encrypted alternatives to replace the common plain text services.

    6. Sendmail
The widespread use of Sendmail as a mail transfer agent means that known vulnerabilities in older or unpatched versions are a common target. Other than responsible patching policies, the main ways to reduce the risk from Sendmail are to either disable it when it is not needed or run it in daemon mode when you need it.
