User guide

Chapter 1. Security Overview
Notes (continued): Preventative measures include services with cryptographic key exchange, one-time passwords, or encrypted authentication to prevent password snooping; strong encryption during transmission is also advised.

Exploit: Service Vulnerabilities

Description: An attacker finds a flaw or loophole in a service run over the Internet; through this vulnerability, the attacker compromises the entire system and any data that it may hold, and could possibly compromise other systems on the network.

Notes: HTTP-based services such as CGI are vulnerable to remote command execution and even interactive shell access. Even if the HTTP service runs as a non-privileged user such as "nobody", information such as configuration files and network maps can be read, or the attacker can start a denial of service attack which drains system resources or renders it unavailable to other users.

Services sometimes can have vulnerabilities that go unnoticed during development and testing; these vulnerabilities (such as buffer overflows, where attackers crash a service using arbitrary values that fill the memory buffer of an application, giving the attacker an interactive command prompt from which they may execute arbitrary commands) can give complete administrative control to an attacker.

Administrators should make sure that services do not run as the root user, and should stay vigilant of patches and errata updates for applications from vendors or security organizations such as CERT and CVE.

Exploit: Application Vulnerabilities

Description: Attackers find faults in desktop and workstation applications (such as e-mail clients) and execute arbitrary code, implant trojan horses for future compromise, or crash systems. Further exploitation can occur if the compromised workstation has administrative privileges on the rest of the network.

Notes: Workstations and desktops are more prone to exploitation as workers do not have the expertise or experience to prevent or detect a compromise; it is imperative to inform individuals of the risks they are taking when they install unauthorized software or open unsolicited email attachments.

Safeguards can be implemented such that email client software does not automatically open or execute attachments. Additionally, the automatic update of workstation software via Red Hat Network or other system management services can