© SANS Institute 2003, Author retains full rights
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46
© SANS Institute 2003, As part of the Information Security Reading Room. Author retains full rights.
• Buffer Overflows
The result of a program failing to properly check the boundaries of user input.
If more data is entered into a memory buffer than it was intended to store, the
data will overwrite data in adjacent buffers potentially giving an attacker
control of the vulnerable application and access to the system privileges
granted to that application.
• Race Conditions
A vulnerability in a program that does not properly check for the previous
existence of a file before writing to it. In some cases, the delay between a
check and the creation of the file may afford an attacker enough time to create
a link to an important system file so that when the application tries to create
the new file, it ends up overwriting or corrupting the other file.
• Special Character Processing
A vulnerability that allows an attacker to insert special characters into URLs
pointing to scripts that process web forms. These character sequences could
allow attackers to execute arbitrary code on the web server. Although most
web servers are configured to run as unprivileged users today, these type of
attacks can allow for unauthorized entry into a system which can be used to
leverage attacks against other flawed applications.
Methods to prevent or mitigate the risk posed by a successful attack are generally
applied on either the application level or the operating system level. A standard way to
mitigate risk on the application level is by granting it the least amount of privilege
required to perform its duties. While most applications do not need to run as a
privileged user, there are some system level applications which require superuser
privileges to perform certain tasks. In the past, many attacks against applications such
as the Apache web server, the Berkeley Internet Name Domain (BIND) server, and the
Sendmail mail server led to full system compromise as they required superuser
privileges to function. In the 2.4 kernel series, enhancements to the kernel capabilities
system makes it possible for applications to execute initially as root and then drop
superuser privileges to run as a regular user. These enhancements are quite beneficial
to overall system security, and today, most Linux distributions configure applications
such as Apache, BIND, and Sendmail to run as unprivileged users by default.
Another tactic adopted to secure certain system level applications is through the use of
the chroot program. chroot makes an application execute inside a special shell with a
new root directory, effectively isolating it from the rest of the system. If an attacker were
able to exploit a vulnerability in an application running in a chroot jail, they would only
have access to this limited root file system containing the essential programs,
configuration files and libraries necessary for the application to operate. Unfortunately,
chroot jails are not exempt from security flaws – in some situations when an application
inside a chroot jail is running as a superuser, there are methods which allow attackers
to break out of the jails.(3)
The millions of lines of source code that comprise the applications used on today's
Linux systems make it nearly impossible to fully audit each application and remove all
potential vulnerabilities. While still a critical component of a defense in-depth strategy,
@ 2021 SANS Institute Author Retains Full Rights
评论0