
A look at real-world exploits of Linux security vulnerabilities

(Kevin Beaver, CISSP) Probably the simplest exploit to carry out against Linux systems is to look for unprotected NetBIOS shares. Weak Samba configurations are often very revealing: file shares created for the sake of convenience can come back to haunt you. I've seen Samba-based Linux shares that provided anyone and everyone on the network with access to sensitive files containing patient health records, and network diagrams with detailed information (e.g., passwords for accessing network infrastructure systems, source code, etc.).

This attack is simple to carry out. All someone needs to do is to be logged into the network as a standard Windows user (i.e. no admin privileges), run a network share finder tool such as the one included in GFI LANguard, and then run a text search tool such as FileLocator Pro. As I have mentioned before, it's really simple for anyone on the network to gain access to sensitive documents they otherwise should not have access to - and no one may ever know about it.

A related attack is one against poorly-configured FTP servers that allow anonymous connections or have accounts with weak or nonexistent passwords.

In one such situation, anonymous FTP provided access to a configuration file that happened to have the password for a financial management database hard-coded into it. You know where things can go from there.

Another Samba exploit leads to remote user enumeration. When a Linux system's Samba configuration allows guest (i.e. null session) access, vulnerability scanners such as Nessus and QualysGuard can enumerate the system to glean user names. In most instances an attacker can use these user names in subsequent password-cracking attacks against Linux accounts. In many cases, a Web vulnerability scanner such as WebInspect or Acunetix Web Vulnerability Scanner can also glean Linux user accounts via an unsecured Apache installation whose httpd.conf lacks the UserDir disabled directive.
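The Samba and Apache settings behind the exposures described above can be audited from the configuration files themselves. The following Python script is an added example, not part of the article; the smb.conf and httpd.conf fragments it reads are constructed samples, and the checks cover the real Samba parameters guest ok (synonym: public), map to guest and restrict anonymous, plus Apache's UserDir directive.

```python
import configparser
import re

# Constructed sample smb.conf: one share left open to guests "for convenience",
# one restricted to a group, and global settings that permit null sessions.
SMB_CONF = """
[global]
   workgroup = WORKGROUP
   map to guest = Bad User
   restrict anonymous = 0

[scans]
   path = /srv/scans
   guest ok = yes
   writable = yes

[finance]
   path = /srv/finance
   public = no
   valid users = @finance
"""

# Constructed httpd.conf fragment with mod_userdir still serving ~user paths.
HTTPD_CONF = """
LoadModule userdir_module modules/mod_userdir.so
UserDir public_html
"""


def audit_smb_conf(text):
    """Return findings describing guest/anonymous exposure in an smb.conf."""
    # Samba indents options; strip so configparser does not treat them as continuations.
    flat = "\n".join(line.strip() for line in text.splitlines())
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(flat)
    findings = []
    g = cp["global"] if cp.has_section("global") else {}
    if g.get("map to guest", "never").strip().lower() != "never":
        findings.append("global: 'map to guest' maps failed logins to the guest account")
    if g.get("restrict anonymous", "0").strip() == "0":
        findings.append("global: 'restrict anonymous = 0' permits null-session enumeration")
    for share in cp.sections():
        if share == "global":
            continue
        s = cp[share]
        guest = (s.get("guest ok") or s.get("public") or "no").strip().lower()
        if guest in ("yes", "true", "1"):
            findings.append(f"share [{share}]: guest access exposes it to anyone on the network")
    return findings


def userdir_disabled(text):
    """True only when UserDir is disabled for all users (not just a listed few)."""
    for line in text.splitlines():
        m = re.match(r"\s*UserDir\s+(.*)", line, re.IGNORECASE)
        if m and m.group(1).strip().lower() == "disabled":
            return True
    return False
```

Running audit_smb_conf(SMB_CONF) on the sample reports three findings (the two global settings and the [scans] share), and userdir_disabled(HTTPD_CONF) is False, which is the Apache state the article warns about.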
