Computer Security and Penetration Testing: Linux Vulnerabilities
Chapter 17
Linux Vulnerabilities
Objectives
• Identify UNIX-based operating systems
• Identify Linux operating systems
• Identify vulnerabilities from default installation
• Identify various vulnerabilities in Linux and UNIX-based utilities
• Telnet
– Allows users to connect to a UNIX, Linux, or Windows computer from remote locations
– Sends data unencrypted over the network
• Hackers take advantage of this service by using brute-force and dictionary attacks
– To connect to a target system
• telnet must be disabled
– Use ssh instead
• groff package
– Used in Red Hat Linux for document formatting
• There is a buffer overflow vulnerability in the preprocessor of this package
– Prior to version 1.7.3
– Enables attackers to gain access rights to the lp account in the target system
• Hackers need to invoke groff in the LPRng printer spooler
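
For the Telnet item above ("telnet must be disabled"), the following added example, which is not part of the original slides, audits a system's inetd and xinetd configuration for a telnet service that is still switched on. The function names and the `root` parameter are hypothetical, and the sample files are constructed; `/etc/inetd.conf` and `/etc/xinetd.d/` are the standard locations assumed.

```shell
#!/bin/sh
# Added example: report inetd/xinetd configurations that leave telnet enabled.

# inetd.conf enables a service with any uncommented line whose first field is its name.
inetd_telnet_enabled() {
    awk '$1 == "telnet" { found = 1 } END { exit !found }' "$1"
}

# xinetd runs a service unless its block contains "disable = yes".
xinetd_telnet_enabled() {
    awk '
        /^[ \t]*#/ { next }
        { gsub(/=/, " = ") }
        $1 == "service" && $2 == "telnet" { in_svc = 1; off = 0; next }
        in_svc && $1 == "disable" && $3 == "yes" { off = 1 }
        in_svc && $1 == "}" { if (!off) enabled = 1; in_svc = 0 }
        END { exit !enabled }
    ' "$1"
}

# Scan a filesystem root (hypothetical parameter; empty means the live system).
# Prints each offending file and returns 1 if any was found.
audit_telnet() {
    root=${1:-}; rc=0
    if [ -f "$root/etc/inetd.conf" ] && inetd_telnet_enabled "$root/etc/inetd.conf"; then
        echo "telnet enabled: $root/etc/inetd.conf"; rc=1
    fi
    for f in "$root"/etc/xinetd.d/*; do
        [ -f "$f" ] || continue
        if xinetd_telnet_enabled "$f"; then echo "telnet enabled: $f"; rc=1; fi
    done
    return $rc
}

# Constructed sample tree: telnet commented out in inetd.conf, left on in xinetd.
demo=$(mktemp -d)
mkdir -p "$demo/etc/xinetd.d"
printf '%s\n' '#telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd' \
    'ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd' > "$demo/etc/inetd.conf"
printf '%s\n' 'service telnet' '{' '    disable = no' \
    '    server = /usr/sbin/in.telnetd' '}' > "$demo/etc/xinetd.d/telnet"
if audit_telnet "$demo"; then echo "clean"; else echo "fix: set disable = yes"; fi
```

Calling `audit_telnet` with no argument scans the live `/etc`; a non-zero return means at least one configuration file still starts the telnet daemon.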