The latest top 10 Linux/Unix security holes

1. BIND Domain Name System

Please note that the people who developed and support BIND are not really to blame for the many successful attacks. The original holes may have been their fault, but no software is perfect and ISC BIND is quick to provide patches and/or updated versions once a problem is reported. The problem is that administrators tend to run older versions of BIND, because it continues to run well, and don't regularly update their software.

The BIND Web site is replete with warnings to update versions in order to eliminate vulnerabilities, as this is the primary reason so many successful attacks are launched against BIND -- there are a vast number of very old and badly configured versions of BIND still in use.

The fact that most Linux/UNIX versions ship with BIND is the reason for its widespread use, and every Linux/UNIX administrator needs to be aware of the multiple vulnerabilities found in older, unpatched versions of BIND.

There are also some general configuration recommendations provided on the SANS/FBI Web page and applying them will greatly reduce potential vulnerabilities, even if you aren't able to keep up with the latest patches.

2. Remote Procedure Calls (RPC)

One of the biggest threats posed by RPCs is the fact that they often unnecessarily execute with elevated privileges, which can give an attacker easy access to the root (administrator) user account. RPC is often enabled on systems and is, therefore, a threat to most Linux/UNIX installations because unneeded RPC services are often enabled. The first step in reducing RPC threats is to remove these unnecessary services.

SANS offers suggestions on how to lock down unneeded RPC services. Because most installations can't just close all RPC services, this is one of those critical features that administrators must regularly maintain. The fact that it keeps showing up on these vulnerability lists shows that many systems aren't being configured or maintained to properly handle RPC.