
CIS 450 – Network Security Chapter 14 – Specific Exploits for UNIX.


1 CIS 450 – Network Security Chapter 14 – Specific Exploits for UNIX

2 CGI Scripts
The Common Gateway Interface (CGI) is a standard for interfacing external applications with information servers, such as HTTP or Web servers.
Any time a program interacts with a networked client, there is the possibility of that client attacking the program to gain unauthorized access. Even the most innocent-looking script can be very dangerous to the integrity of your system.
Guidelines for writing secure CGI scripts
List of CGI vulnerabilities

3 Aglimpse
Operating Systems – UNIX and similar OSs
Protocols/Services – Port 80 HTTP
Glimpse is a search engine used to efficiently search for information in large numbers of files. "aglimpse" is a CGI program that makes up part of a WWW gateway to Glimpse.
A vulnerability exists in the /cgi-bin/aglimpse script which allows a remote user to execute arbitrary commands on the remote system as the user the web server runs as.
Signature of attack
  Because the attack is carried out with ordinary HTTP requests, monitoring network packets with a sniffer will not likely reveal it: it looks like a legitimate request for web content from the server.
  The web server logs are where it shows up; look at the request line and query string of requests for /cgi-bin/aglimpse.
Protection against
  Run the web server as an unprivileged user, never root, with minimal access.
  Use the latest version of Webglimpse: http://webglimpse.net/

4 Campas
Operating Systems – UNIX
Protocols/Services – Port 80 HTTP
The file /cgi-bin/campas can be used to remotely view any file your web server has permission to read.
Signature of attack
  Because the attack is carried out with ordinary HTTP requests, monitoring network packets with a sniffer will not likely reveal it: it looks like a legitimate request for web content from the server.
  The web server logs are where it shows up; look at the request line and query string of requests for /cgi-bin/campas.
Protection against
  Run the web server as an unprivileged user, never root, with minimal access.
  Upgrade your web server and ensure that the campas script is no longer available on your server.
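Both the aglimpse and campas slides make the same detection point: the attack is a normal-looking HTTP request, so the web server's access log is the place to find it. The following C program, added here as an illustration and not part of the original slides, pulls the request target out of Apache common-log-format lines and flags any request for the two scripts, plus shell metacharacters, encoded newlines and path traversal in the target. The log lines are constructed for the example (the client addresses, dates and query strings are made up and are not the real exploit requests); the flag names and thresholds are my choices.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Flags returned by classify_cgi_request(); combined with bitwise OR. */
enum {
    CGI_CLEAN          = 0,
    CGI_KNOWN_BAD      = 1,  /* any request that reaches /cgi-bin/aglimpse or /cgi-bin/campas */
    CGI_SHELL_META     = 2,  /* shell metacharacters or %0a/%0d (encoded newlines) in the target */
    CGI_PATH_TRAVERSAL = 4   /* "../" or an absolute /etc/ path in the target */
};

/* The two scripts the slides describe. Any hit is alert-worthy on its own,
 * because the fix for both is to remove the script from the server. */
static const char *const known_bad[] = { "/cgi-bin/aglimpse", "/cgi-bin/campas" };

/* Copy the request target (path plus query string) out of an Apache
 * common/combined log line:
 *   client - - [date] "METHOD /target HTTP/x.y" status bytes
 * Returns the copied length, or -1 if no request field is present.
 * The copy is truncated to dstsz-1 bytes, never overflowed. */
static int extract_target(const char *line, char *dst, size_t dstsz)
{
    const char *quote = strchr(line, '"');
    if (!quote) return -1;
    const char *sp = strchr(quote + 1, ' ');      /* space after METHOD */
    if (!sp) return -1;
    const char *start = sp + 1;
    const char *end = strchr(start, ' ');          /* space before HTTP/x.y */
    if (!end) end = strchr(start, '"');
    if (!end) return -1;
    size_t len = (size_t)(end - start);
    if (len >= dstsz) len = dstsz - 1;
    memcpy(dst, start, len);
    dst[len] = '\0';
    return (int)len;
}

/* %0a / %0d (either case): a newline or CR smuggled through URL encoding,
 * the usual way to break out of a command line built by a CGI script. */
static int has_encoded_newline(const char *s)
{
    for (; s[0] && s[1] && s[2]; s++)
        if (s[0] == '%' && s[1] == '0' && strchr("aAdD", s[2]))
            return 1;
    return 0;
}

int classify_cgi_request(const char *logline)
{
    char target[2048];
    if (extract_target(logline, target, sizeof target) < 0)
        return CGI_CLEAN;
    int flags = CGI_CLEAN;
    for (size_t i = 0; i < sizeof known_bad / sizeof known_bad[0]; i++)
        if (strstr(target, known_bad[i]))
            flags |= CGI_KNOWN_BAD;
    if (strpbrk(target, ";|&`$<>") || has_encoded_newline(target))
        flags |= CGI_SHELL_META;
    if (strstr(target, "../") || strstr(target, "/etc/"))
        flags |= CGI_PATH_TRAVERSAL;
    return flags;
}

/* Constructed sample log lines for the demonstration; they are not captures
 * of the real exploits, only requests shaped the way such requests look. */
static const char *const sample_log[] = {
    "10.0.0.5 - - [12/Mar/2004:10:01:22 -0500] \"GET /index.html HTTP/1.0\" 200 1043",
    "10.0.0.9 - - [12/Mar/2004:10:02:01 -0500] \"GET /cgi-bin/aglimpse?query=foo;cat%20/etc/passwd HTTP/1.0\" 200 512",
    "10.0.0.9 - - [12/Mar/2004:10:02:07 -0500] \"GET /cgi-bin/campas?file=../../../../etc/passwd HTTP/1.0\" 200 1880",
    "10.0.0.7 - - [12/Mar/2004:10:03:15 -0500] \"GET /cgi-bin/search?q=firewall HTTP/1.0\" 200 2211",
};
#define SAMPLE_COUNT (sizeof sample_log / sizeof sample_log[0])

/* Number of sample lines that raise at least one flag. */
int count_alerts(void)
{
    int n = 0;
    for (size_t i = 0; i < SAMPLE_COUNT; i++)
        if (classify_cgi_request(sample_log[i]) != CGI_CLEAN)
            n++;
    return n;
}

int main(void)
{
    for (size_t i = 0; i < SAMPLE_COUNT; i++)
        printf("flags=%d  %s\n", classify_cgi_request(sample_log[i]), sample_log[i]);
    printf("%d of %zu lines flagged\n", count_alerts(), SAMPLE_COUNT);
    return 0;
}
```

The metacharacter and traversal checks are deliberately separate from the script-name check: once the scripts are removed, a hit on CGI_KNOWN_BAD still tells you someone is probing for them, while the other two flags catch the same injection and file-read attempts aimed at scripts you have not inventoried yet. Run it over real logs one line at a time; the target buffer is bounded so an oversized request line cannot turn the detector itself into the next overflow.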

5 NetPR
Operating Systems – Solaris
Protocols/Services – Network printing service
A security vulnerability is present in several versions of netpr. Published exploit code enables local users to gain root privileges by exploiting a buffer overflow in the netpr application.
Protection against
  Apply vendor patches.

6 DTprintinfo
Operating Systems – Solaris
Protocols/Services – Local boundary-condition error (stack buffer overflow) in the dtprintinfo command
Published exploit code enables local users to gain root privileges by exploiting a stack buffer overflow in the dtprintinfo application.
Protection against
  Apply vendor patches.
  Use an application such as CA eTrust that manages root authority.
  Saint Jude Project – nothing new since 2002; currently soliciting a new administrator.
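The netpr and dtprintinfo slides describe the same bug class: a program that runs with root privileges copies an argument whose length a local user controls into a fixed-size stack buffer. The C below, added as an illustration and not taken from either program or from the slides, shows the unbounded copy next to the bounded form that a vendor patch amounts to. The buffer size (256) and the idea that the argument is a printer name are assumptions for the example; the slides do not give the real field or its size.

```c
#include <stdio.h>
#include <string.h>

/* Assumed buffer size; the slides do not give the real one. */
#define ARG_BUF 256

/* The bug class behind netpr and dtprintinfo: a program running as root copies
 * an argument whose length the (local) caller controls into a fixed stack
 * buffer with no bound. Shown for contrast only; never feed it more than
 * ARG_BUF-1 bytes, because anything longer overwrites the stack frame. */
int handle_arg_unsafe(const char *arg)
{
    char name[ARG_BUF];
    strcpy(name, arg);              /* writes past 'name' when arg is longer */
    return (int)strlen(name);
}

/* Hardened form: measure against the buffer first and refuse oversize input
 * instead of truncating silently (a name that does not fit is an error). */
int handle_arg_safe(const char *arg)
{
    char name[ARG_BUF];
    size_t len = strnlen(arg, ARG_BUF);
    if (len >= ARG_BUF)
        return -1;                  /* would not fit together with its terminator */
    memcpy(name, arg, len + 1);
    return (int)len;
}

/* The question a patch reviewer asks of every copy: can this input overflow
 * the original buffer? */
int would_overflow(const char *arg)
{
    return strnlen(arg, ARG_BUF) >= ARG_BUF;
}

/* Fill dst with n 'A' bytes plus a terminator (dst must hold n+1 bytes);
 * the classic probe used to find a length that crashes a setuid program. */
void fill_probe(char *dst, size_t n)
{
    memset(dst, 'A', n);
    dst[n] = '\0';
}

int main(void)
{
    char probe[512];
    fill_probe(probe, 400);
    printf("short arg:    safe=%d unsafe=%d\n",
           handle_arg_safe("lp1"), handle_arg_unsafe("lp1"));
    printf("400-byte arg: safe=%d would_overflow=%d\n",
           handle_arg_safe(probe), would_overflow(probe));
    return 0;
}
```

The hardened version rejects rather than truncates because a silently shortened name can still be abused (it may resolve to a different printer or file than the caller named). Independently of the code fix, building setuid programs with stack protection and a non-executable stack turns the same overflow from a root shell into a crash, which is what tools that constrain root authority, such as the CA eTrust product on the slide, try to contain at a different layer.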

7 Sadmind
Operating Systems – Solaris
Protocols/Services – sadmind, the daemon for Solstice AdminSuite, a collection of applications provided by Sun for enterprise system management
Exploit
  The default configuration of sadmind uses a set of unencrypted Remote Procedure Calls (RPC) to authenticate between two machines. Because the authentication sequence is unencrypted and carries no cryptographic proof of identity, an attacker can craft RPC packets that forge a valid client identity.
Protection
  The Stanford advisory (http://securecomputing.stanford.edu/alerts/sadmind-16sept2003.html#anchorthree) gives different information from the text regarding Sun patches (there are none):
  To protect systems against forged client compromises, Sun recommends either completely disabling sadmind or modifying its configuration to require DES encryption for its authentication sequence. Most Stanford Solaris users do not use the Solaris AdminSuite tools and are therefore strongly encouraged to disable sadmind. Do this by commenting out the sadmind line in /etc/inetd.conf (add a '#' at the beginning of the line) and then restarting inetd, or sending it a SIGHUP so it re-reads the file.

8 XWindows
Operating Systems – UNIX with the X Window System
Protocols/Services – X11 and the XTest extension
Exploit
  One way to tunnel into a network from the outside using normal features of the X protocol, and ultimately to gain control over the workstation of an internal system administrator through the XTest extension, which lets a connected client synthesize keyboard and mouse input on that display.
  Reference: Chris Covington's GIAC practical, http://216.239.39.104/search?q=cache:1hPYrA7WWykJ:www.giac.org/practical/Chris_Covington.doc+xwindows+exploit&hl=en
Protection
  The biggest single step is to block the X port range (TCP 6000 and up, one port per display) at the firewall, and to make sure that each client that can tunnel X traffic is specifically denied by a configuration file on the client side if it tries to tunnel to an external computer, since a successful attacker can alter the external server side.

9 Solaris Catman Race Condition
Operating Systems – Sun Solaris
Protocols/Services – catman
Exploit
  Through the use of symbolic links at the names of temporary files created by /usr/bin/catman, local users can force the root user running catman to overwrite critical files, possibly causing a denial of service.
  The catman command creates preformatted versions of the online manual. It also creates the windex database for utilities like apropos and whatis.
  The problem is that catman creates a temporary file in /tmp with the predictable name /tmp/sman_<pid of catman>. An attacker can monitor the process list for the execution of catman and create a symlink at that name pointing to a root-owned file; catman then follows the link and overwrites the contents of that file. The race is between catman choosing the name and opening it.
Protection
  Apparently Sun never created any patches, but a possible solution can be found at http://www.securityfocus.com/bid/2149/exploit
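The catman slide describes the classic /tmp symlink race, so here is the bug and its fix side by side in C, as an added illustration that is not catman's code. The unsafe writer does what the slide describes (predictable name, truncating open that follows a symlink); the hardened writer opens the same predictable name with O_EXCL and O_NOFOLLOW, so a link planted by the attacker makes the open fail instead of redirecting the write. The demo function stages the race in a private directory with a stand-in for the root-owned file; the directory template, file names and contents are constructed for the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* What catman did: a predictable scratch name, <dir>/sman_<pid>, opened with
 * O_CREAT|O_TRUNC. If that path is already a symlink, open() follows it and
 * the write lands in whatever the link points at. Returns 0 on success, -1 on error. */
int write_scratch_unsafe(const char *dir, long pid, const char *data)
{
    char path[1024];
    snprintf(path, sizeof path, "%s/sman_%ld", dir, pid);
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0) return -1;
    ssize_t w = write(fd, data, strlen(data));
    close(fd);
    return w == (ssize_t)strlen(data) ? 0 : -1;
}

/* Hardened: O_EXCL makes open() fail with EEXIST if anything already sits at
 * the name, symlink included, and O_NOFOLLOW refuses a symlink at the final
 * component outright. The planted link is detected instead of followed. */
int write_scratch_safe(const char *dir, long pid, const char *data)
{
    char path[1024];
    snprintf(path, sizeof path, "%s/sman_%ld", dir, pid);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;          /* errno is EEXIST or ELOOP: someone got there first */
    ssize_t w = write(fd, data, strlen(data));
    close(fd);
    return w == (ssize_t)strlen(data) ? 0 : -1;
}

/* Stage the race in a private directory: a stand-in for the root-owned file,
 * then the attacker's symlink at the name the program is about to use.
 * Returns 1 if the stand-in was clobbered, 0 if it survived, -1 on setup error. */
int symlink_race_demo(int hardened)
{
    const char *base = getenv("TMPDIR");
    if (!base) base = "/tmp";
    char dir[1024], victim[1024], link[1024], buf[64] = {0};
    snprintf(dir, sizeof dir, "%s/catman_demo_XXXXXX", base);
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/critical.conf", dir);
    snprintf(link, sizeof link, "%s/sman_%ld", dir, (long)getpid());

    FILE *f = fopen(victim, "w");
    if (!f) return -1;
    fputs("original contents\n", f);
    fclose(f);
    if (symlink(victim, link) != 0) return -1;   /* the attacker wins the race */

    int rc = hardened ? write_scratch_safe(dir, (long)getpid(), "catman output\n")
                      : write_scratch_unsafe(dir, (long)getpid(), "catman output\n");

    f = fopen(victim, "r");
    if (f) { if (!fgets(buf, sizeof buf, f)) buf[0] = '\0'; fclose(f); }
    unlink(link); unlink(victim); rmdir(dir);

    printf("%s writer: open %s, stand-in now \"%.*s\"\n",
           hardened ? "hardened" : "original", rc == 0 ? "succeeded" : "failed",
           (int)strcspn(buf, "\n"), buf);
    return strcmp(buf, "original contents\n") != 0;
}

int main(void)
{
    symlink_race_demo(0);   /* original writer: open succeeded, stand-in now "catman output" */
    symlink_race_demo(1);   /* hardened writer: open failed, stand-in now "original contents" */
    return 0;
}
```

O_EXCL on the predictable name closes the hole the slide describes, but a complete fix also removes the predictability: mkstemp() creates the file with O_EXCL under an unguessable name, so the attacker has nothing to aim at in the first place. Either way the program must treat a failed open as an error and stop, not retry under the same name.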

10 Multiple Linux Vendor RPC.STATD Exploit
Operating Systems – Various Linux versions
Protocols/Services – rpc.statd (Remote Procedure Call; used for NFS lock recovery)
Exploit
  The rpc.statd program passes user-supplied data to the syslog() function as the format string. With no validation of that string, a malicious user can supply format directives (the "%n" directive writes to memory) and so execute injected machine code with the privileges of the rpc.statd process, typically root.
Protection
  Upgrade your version of rpc.statd.
  Disable the rpc.statd service if you do not need NFS locking.
  Block unneeded ports at your firewall (the portmapper on TCP/UDP 111 and the RPC ports it hands out).
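The rpc.statd slide is the format-string bug in one sentence; the C below, added here as an illustration and not rpc.statd's code, shows the same mistake and its fix with vsnprintf standing in for syslog() so it can run without a syslog daemon. The demo feeds only the harmless "%%" directive through the unsafe path to show that the text is being interpreted as a format; a "%n" in real attacker input would write to memory instead. The third function is the input check the slide's "input validation" refers to, in the form I would add as defense in depth.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* The rpc.statd mistake, with vsnprintf standing in for syslog(): the text
 * that came off the wire is handed over as the *format*, so every '%' in it
 * is interpreted. With a real "%n" in there the call writes memory; this demo
 * only exercises the harmless "%%" directive. */
int log_unsafe(char *out, size_t outsz, const char *msg_as_format, ...)
{
    va_list ap;
    va_start(ap, msg_as_format);
    int n = vsnprintf(out, outsz, msg_as_format, ap);
    va_end(ap);
    return n;
}

/* The fix: a constant format, and the untrusted text only ever as an argument. */
int log_safe(char *out, size_t outsz, const char *msg)
{
    return snprintf(out, outsz, "%s", msg);
}

/* Defense-in-depth input check: reject any '%' that is not the literal escape
 * "%%", so a format directive never reaches a logging call even if some other
 * caller still passes the text as a format. Returns 1 if a directive is present. */
int has_format_directive(const char *s)
{
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }    /* "%%" is just a percent sign */
        return 1;
    }
    return 0;
}

int main(void)
{
    char buf[128];
    const char *from_wire = "host%%name";     /* constructed remote-supplied string */
    log_unsafe(buf, sizeof buf, from_wire);
    printf("unsafe: %s\n", buf);              /* prints: unsafe: host%name */
    log_safe(buf, sizeof buf, from_wire);
    printf("safe:   %s\n", buf);              /* prints: safe:   host%%name */
    printf("\"%%x%%x%%n\" has directive: %d\n", has_format_directive("%x%x%n"));
    return 0;
}
```

The difference in the two outputs is the whole bug: the unsafe path consumed "%%" and printed one percent sign, which means "%x" would have read a stack word and "%n" would have written one. Passing the untrusted string only as the argument to a fixed "%s" format is the complete fix; the directive check is an extra guard for code paths that cannot be audited.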

