Linux and Some Common Computer Vulnerabilities

By Emmett Dulaney

Prevention in Linux includes the mechanisms (nontechnical and technical) that help prevent attacks on the system and the network. Before you can think of prevention, however, you have to know the types of problems you’re trying to prevent — the common security vulnerabilities.

The prevention and detection steps typically depend on the specific vulnerabilities. Basically, the idea is to check whether a host or a network has the vulnerabilities that crackers exploit.

Online resources on computer vulnerabilities

Several online resources identify and categorize computer security vulnerabilities:

  • SANS Institute publishes a list of the top 20 most critical Internet security vulnerabilities — the Top Cyber Security Risks index — at www.sans.org/top20.

  • CVE (Common Vulnerabilities and Exposures) is a list of standardized names of vulnerabilities. For more information on CVE, see http://cve.mitre.org. Using the CVE name to describe vulnerabilities is common practice.

  • National Vulnerability Database (NVD) is a searchable index of information on computer vulnerabilities, published by the National Institute of Standards and Technology (NIST), a United States government agency. NVD is online at http://nvd.nist.gov.

Typical computer vulnerabilities

The SANS Internet security vulnerabilities list groups vulnerabilities into categories such as Windows, cross-platform, and Unix. Of these, the Unix and cross-platform categories are relevant to Linux.

The table summarizes some common Unix and cross-platform vulnerabilities that apply to Linux.

Some Common Vulnerabilities to Unix Systems (vulnerability type, followed by its description)

  • BIND DNS: Berkeley Internet Name Domain (BIND) is a package that implements Domain Name System (DNS), the Internet’s name service that translates a name to an IP address. Some versions of BIND have vulnerabilities.

  • Apache Web Server: Some Apache Web Server modules (such as mod_ssl) have known vulnerabilities. Any vulnerability in Common Gateway Interface (CGI) programs used with web servers to process interactive web pages can provide attackers a way to gain access to a system.

  • Authentication: User accounts often have no passwords or have weak passwords that are easily cracked by password-cracking programs.

  • CVS, Subversion: Concurrent Versions System (CVS) is a popular source-code control system used in Linux systems. Subversion is another version control system for Linux that is becoming popular. These version control systems have vulnerabilities that can enable an attacker to execute arbitrary code on the system.

  • sendmail: sendmail is a complex program used to transport mail messages from one system to another, and some versions of sendmail have vulnerabilities.

  • SNMP: Simple Network Management Protocol (SNMP) is used to remotely monitor and administer various network-connected systems ranging from routers to computers. SNMP lacks good access control, so an attacker may be able to reconfigure or shut down your system if it is running SNMP.

  • Open Secure Sockets Layer (OpenSSL): Many applications, such as Apache Web Server, use OpenSSL to provide cryptographic security for a network connection. Unfortunately, some versions of OpenSSL have known vulnerabilities that could be exploited.

  • Network File System (NFS) and Network Information Service (NIS): Both NFS and NIS have many security problems (for example, buffer overflow, potential for denial-of-service attacks, and weak authentication). Also, NFS and NIS are often misconfigured, which could allow local and remote users to exploit the security holes.

  • Databases: Databases such as MySQL and PostgreSQL are complex applications and can be difficult to correctly configure and secure. These databases have many features that can be misused or exploited to compromise the confidentiality, availability, and integrity of data.

  • Linux kernel: The Linux kernel is susceptible to many vulnerabilities, such as denial of service, execution of arbitrary code, and root-level access to the system.