Web Servers, BIND Top 2004 Vulnerabilities List

By Ryan Naraine (Send Email)
Posted Oct 12, 2004


The SANS Institute has released its annual list of the top 20 Internet security vulnerabilities, pinpointing Web servers and services (Windows) and the BIND Domain Name System (Unix) as containing the most dangerous security holes.

The SANS Institute released its annual list of the top 20 Internet security vulnerabilities, pinpointing Web servers and services (Windows) and BIND (Unix) as containing the most dangerous security holes.

For the first time since creating the list five years ago, the SANS (SysAdmin, Audit, Network, Security) Institute split the list in two to identify the top 10 most commonly exploited holes in Windows and Unix systems and warned that the security bugs require urgent attention.

According to the list, the top 10 vulnerabilities for Windows systems are:

  1. Web Servers & Services
  2. Workstation Service
  3. Windows Remote Access Services
  4. Microsoft SQL Server (MSSQL)
  5. Windows Authentication
  6. Web Browsers
  7. File-Sharing Applications
  8. LSAS Exposures
  9. Mail Client
  10. Instant Messaging

The top 10 flaws for Unix Systems are:

  1. BIND Domain Name System
  2. Web Server
  3. Authentication
  4. Version Control Systems
  5. Mail Transport Service
  6. Simple Network Management Protocol (SNMP)
  7. Open Secure Sockets Layer (SSL)
  8. Misconfiguration of Enterprise Services NIS/NFS
  9. Databases
  10. Kernel

"Although there are thousands of security incidents each year affecting these operating systems, the overwhelming majority of successful attacks target one or more of these 20 vulnerable services," the institute said.

The top 20 list is described as "a living document" that includes step-by-step instructions and pointers to additional information for correcting the security flaws.

In identifying Web servers and services as the most vulnerable for Windows users, the institute warned that default installations of various HTTP servers and additional components for serving HTTP requests have proven vulnerable to a number of serious attacks over time.

Successful exploits of Web Server flaws include Denial-of-Service attacks, data exposure, malicious code execution and complete server compromise.

The vulnerable HTTP servers include Microsoft's IIS, the open-source Apache project, and Sun's iPlanet (SunONE). The institute urged IT administrators to ensure all patches are up to date for the server and that a current version is running.

"In most HTTP server software, the default configuration is rather open, leaving large avenues for exploit. Whilst this has been changed to a 'secure by default' posture for IIS 6.0, it is crucial that administrators take the time to fully understand their Web server and adjust the configuration to allow only those features and services required," it added.

On the Unix side, SANS said buffer overflows and cache poisoning throughout 2004 have plagued the Berkeley Internet Name Domain (BIND) package. The BIND domain name system is used to handle the conversion of hostnames into the corresponding IP address but, because of its critical nature, it has been made the target of frequent attack.

"Although the BIND development team has historically been quick to respond to and/or repair vulnerabilities, an excessive number of outdated, misconfigured and/or vulnerable servers still remain in production," the institute warned.

The 2004 list includes detailed explanations of each vulnerability and the corresponding attack vector and provides security information for enterprise IT admins.

This article was originally published on internetnews.com.

Page 1 of 1


Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.