In this article, I will share with you some real-world Linux security vulnerabilities.
Generally, the simplest vulnerability to exploit is unprotected NetBIOS share information exposed by a Linux system. Poorly written Samba configuration files are a common source of leakage. For example, file shares created for convenience may end up causing you trouble. I have seen Samba-based Linux systems with shares that allow everyone on the network to access sensitive information, including patient health records and details such as infrastructure system passwords and source code.
Some attacks are very simple to execute. All anyone has to do is log on to the network with normal Windows user permissions (administrator permissions are not needed), run a network security and vulnerability scanning tool like GFI LANguard, and then run an information search tool similar to FileLocator. In this way, it is really easy for anyone to obtain confidential files that they should not be able to access, and this will never be noticed.
A related attack targets FTP servers that are not configured well: servers that allow anonymous connections, or that have weak passwords or no passwords at all. Here is an example to illustrate:
Figure 1: Anonymous FTP on Linux results in data access
In this case, anonymous FTP gave access to a configuration file containing the encoded password for a financial management database, where the desired information could then be obtained.
Another Samba weakness can lead to remote user enumeration. When the Samba configuration on a Linux system allows guest access, vulnerability scanners like Nessus and QualysGuard can collect user names. In most cases, attackers can then use these user names in subsequent password-cracking attacks against Linux accounts. In many cases, you can also use a web vulnerability scanner similar to WebInspect or Acunetix, without installing Apache in httpd, to collect the account information of Linux users.
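Both Samba problems described above (shares open to everyone on the network, and guest access that enables user enumeration) can be checked from the defender's side by auditing smb.conf. The following Python sketch is an added example, not part of the original article; the sample configuration, the share names and the `parse_smb_conf` and `audit` helpers are constructed for illustration.

```python
import re
TRUE = {"yes", "true", "1"}
# Constructed sample smb.conf for this example (not taken from the article).
SAMPLE_CONF = """\
[global]
   map to guest = Bad User
; patient exports, opened up "for convenience"
[records]
   path = /srv/records
   public = yes
   writable = yes
[source]
   guest ok = no
   valid users = @dev
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lowercased, spaces removed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[re.sub(r"\s+", "", key).lower()] = value.strip()
    return sections

def audit(text):
    """Return (section, finding) pairs for settings that open guest access."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    findings = []
    if glob.get("maptoguest", "never").lower() != "never":
        findings.append(("global", "some failed logons are mapped to the guest account"))
    for name, p in conf.items():
        # "public" is a synonym of "guest ok"; share settings override [global].
        guest = p.get("guestok", p.get("public", glob.get("guestok", "no")))
        if name == "global" or guest.lower() not in TRUE:
            continue
        writable = (p.get("writable", p.get("writeable", "no")).lower() in TRUE
                    or p.get("readonly", "yes").lower() not in TRUE)
        findings.append((name, "guest access, " + ("writable" if writable else "read-only")))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

Any share it reports should either lose guest access or be confirmed to hold nothing sensitive.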
I recently saw this problem with passwords: a CGI application running on a Linux-based web server did not properly filter its input, and local files could be included in HTTP queries, as shown in figure 2.
Figure 2: Website input validation problems may cause Linux files to be accessed
In this particular case, hundreds of user accounts were leaked in the Linux password file returned by the web application. Although the passwords are shadowed, it is still easy to crack the system passwords because all the user accounts are known. This type of attack may also leave other Linux operating system and data files easily exposed.
Finally, I would be remiss if I did not mention patching. Missing patches have proven to be one of the most serious weaknesses, leading to the worst results. This applies to both the operating system and third-party software. For example, in this case, an attacker can use free tools such as Metasploit to obtain all the permissions of the operating system, as shown in figure 3, within just a few minutes after being connected to the Internet.
Figure 3: Using Metasploit to exploit an outdated Samba version
Likewise, in most cases, by the time such an attack is discovered it is too late.
Sometimes you will find vulnerabilities that the Linux kernel itself does not recognize, yet they can still be exploited to cause further problems on the Linux system. When you perform a Linux vulnerability check, do not forget to view your Linux system from every angle. Just because some problems cannot be exploited from the outside does not mean that they cannot be abused by so-called "trustworthy" people after they log on normally. In addition, because the risk report does not list every security risk in the system environment, you need to treat some of the findings of automatic scanning tools with reservation. Separating the important items from the remaining noise otherwise costs you too much effort and causes more trouble.