The latest top 10 Linux/Unix security holes

Daily Newsletters

Sign up to ZDNet UK's daily newsletter.

COMMENT
SANS and the FBI have once again teamed up and released an updated version of their list of the most exploited IT security vulnerabilities. As usual, this list has been split into Windows flaws and Linux/UNIX flaws. Like the list of the top 10 Windows vulnerabilities, which I covered in a recent article, I have also put together a summary of the Linux/UNIX list. Linux/UNIX list
The following are the top 10 Linux/UNIX flaws, listed in order starting with the most dangerous flaws.
    1. BIND Domain Name System
Number one again is the well-known BIND (Berkeley Internet Name Domain). BIND is critical because it's by far the most popular DNS in use around the world and is, therefore, a popular target for hackers wanting to trigger a Denial of Service (DoS) event.

Please note that the people who developed and support BIND are not really to blame for the many successful attacks. The original holes may have been their fault, but no software is perfect and ISC BIND is quick to provide patches and/or updated versions once a problem is reported. The problem is that administrators tend to run older versions of BIND, because it continues to run well, and don't regularly update their software.

The BIND Web site is replete with warnings to update versions in order to eliminate vulnerabilities, as this is the primary reason so many successful attacks are launched against BIND -- there are a vast number of very old and badly configured versions of BIND still in use.

The fact that most Linux/UNIX versions ship with BIND is the reason for its widespread use, and every Linux/UNIX administrator needs to be aware of the multiple vulnerabilities found in older, unpatched versions of BIND.

There are also some general configuration recommendations provided on the SANS/FBI Web page and applying them will greatly reduce potential vulnerabilities, even if you aren't able to keep up with the latest patches.

    2. Remote Procedure Calls (RPC)
RPC is the tool that allows a program on one computer to run software on a remote computer, and it is responsible for much of the usefulness of networks. RPC can be used to remotely administer computers, making it a vital tool for managing today's complex networks.

One of the biggest threats posed by RPCs is the fact that they often unnecessarily execute with elevated privileges, which can give an attacker easy access to the root (administrator) user account. RPC is often enabled on systems and is, therefore, a threat to most Linux/UNIX installations because unneeded RPC services are often enabled. The first step in reducing RPC threats is to remove these unnecessary services.

SANS offers suggestions on how to lock down unneeded RPC services. Because most installations can't just close all RPC services, this is one of those critical features that administrators must regularly maintain. The fact that it keeps showing up on these vulnerability lists shows that many systems aren't being configured or maintained to properly handle RPC.

Talkback

I got the impression that you were stretching to get to "10". Maybe you should have kept it at whatever number you knew about personally. Come on, what does this statement add:
"SSH is an important security tool, but many installations of it aren't being properly maintained or configured."

What the heck are you talking about? Do you even know?

via Facebook 6 November, 2003 20:04
Reply

Post your comment

In order to post a comment you need to be registered and logged in.

You can also log in with Facebook. Log in or create your ZDNet UK account below

  • Login

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Community FAQ

Get ZDNet UK's daily newsletter

Enter your email address to sign up

ZDNet UK Live

dede0202

Hello ALL USERS OF THE PIRATE BAY I WOULD PUT AN EXPLANATION ON PIRACY Story Idea ILLIGALE AND SHARING THOSE THAT NET Dissent NOT WELL BUT TO CA...

4 hours ago by dede0202 on The Pirate Bay infringes copyright, High Court decides
Sungwoo

do You know that? it can install 4G Ram. So i buy 4g and install It work! I can run call of duty 4,6,7 [Modern war... 1,2,3] Call of duty 1 was...

5 hours ago by Sungwoo on Loose Ends - Upgrading the Aspire One 522
itsajob

2. Bad idea. Making up patch cables loses you your commission from the cable supplier. 3. If you tidy up, other people can understand where the...

10 hours ago by itsajob on Ten IT jobs to save up for those rare lulls
Roberto_Store

Now On Sale, Unlocked iPhone 4S / Galaxy Note In Factory Box. Roberto-Techie(UK) ”Now on Sales” Smartphone, Android,Tablets,Gadget &...

14 hours ago by Roberto_Store on Samsung Galaxy S III lined up for sale
Paul Smyth

Is this classic FUD? One thing I would definitely have notice is a Mozilla threat to stop supporting GNU/Linux.

16 hours ago by Paul Smyth via Facebook on Firefox rapid release improves Fedora Linux
UnderINK

I agree with the previous commenter wholeheartedly. I couldn't say it better myself. This is very 'Big Brother'. And while I agree with protecting...

20 hours ago by UnderINK on European e-identity plan to be unveiled this month
Simon Bisson and Mary Branscombe

Nice to see that Turing's idea of a general purpose computer doing once-hardware-powered tasks in software is now universal ;-) Mary

1 day ago by Simon Bisson and Mary Branscombe on Software with everything
Jason Burchell

seriously now. I've only bothered to read a small bit of the comments. do me and the rest of the world a favour. stop saying it does not work or...

1 day ago by Jason Burchell via Facebook on Music industry negotiating over 24-bit downloads
Philip Charles Cohen

Read about it and weep, John Donahoe ... In addition to Visa’s V.me, there is now MasterCard’s PayPass digital wallet soon to arrive; another...

1 day ago by Philip Charles Cohen via Facebook on PayPal takes phone-based payments to the high street
apexwm

Leslie Satenstein : Where have you ever seen Mozilla even mention this? Firefox is the most popular browser in the GNU/Linux OS, so I don't see...

1 day ago by apexwm on Firefox rapid release improves Fedora Linux
songmaster

SHleG: Do you remember building a clockwork scorpion kit (I'm pretty sure I have a photo of it somewhere) — I think it was called something like...

1 day ago by songmaster on Software with everything
Chris Wortman

Good I love Yahoo! Their search engine is getting better than Google as of late. I find more of what I want on the first page, and usually within...

2 days ago by Chris Wortman via Facebook on Linux Mint 13 ramps up for KDE release
PatrickG

openhgs has made the point for Windows 8 multiple monitors without realising it! With Windows 7 you have to switch the mouse and so your focus...

2 days ago by PatrickG on Windows 8 could speed multi-monitor uptake
Leslie Satenstein

Mozilla has threatened to stop supporting Linux. I guess that UBUNTU is going with another browser. I indicated that if Mozilla stops supporting...

2 days ago by Leslie Satenstein via Facebook on Firefox rapid release improves Fedora Linux
Andy Bolstridge

Much as I abhor Microsoft's licensing practices, this is almost certainly down to purchasing IT equipment via 3rd party consultants - you get the...

2 days ago by Andy Bolstridge via Facebook on 6 million wasted licences and £1,200 PCs: welcome to government IT
Jack Schofield

@openhgs Windows users have had multiple desktops since Linus started writing Linux. They just haven't shipped as standard because not enough...

2 days ago by Jack Schofield on Windows 8 could speed multi-monitor uptake
Jack Schofield

@Phil at Cloud4 What, Microsoft gets £1,200 per PC and £1,622 per server? Gosh, I'm amazed....

2 days ago by Jack Schofield on 6 million wasted licences and £1,200 PCs: welcome to government IT
craigsc

You guys have no idea what is going on at Autonomy. Autonomy could have been a much more profitable organization. The sales operations at Autonomy...

2 days ago by craigsc on HP cuts 27,000 staff as Autonomy chief Lynch leaves
Moley

How does this impact on dual or multi booting? Seems to me to more or less prohibit this, from Windows 8 anyway. Will Grub 2 recognise Windows 8,...

2 days ago by Moley on Windows 8 start-up speed forces USB boot workaround
apexwm

I don't understand why there cannot be a slight pause during the boot process so the user can press a key. Many operating systems do this, even if...

2 days ago by apexwm on Windows 8 start-up speed forces USB boot workaround