Dalia Solomon Survey of Attacks Computers are always vulnerable to attacks when they are on the network. Attackers could exploit a system by attacking vulnerable application or install programs that allow them to gain access to the computer. The following is a list of attacks categories that have been recorded. Buffer overflow attacks These attacks are caused by the attacker finding exploit in applications which allow them to overflow a buffer in the system. These overflows could be due to applications not setting the size of file it could receive or not doing enough error checking. OpenSSL servers contain a buffer overflow during SSL2 handshake. OpenSSL server prior to 0.9.6e is vulnerable when a client uses a malformed key during the handshake process with an SSL server connection using the SSLv2 communication process. ** rsync program contain a exploitable vulnerability. An integer overflow error is discovered in the rsync’s memory handling routines. An attacker sending an extremely large file may be able to exploit this error to execute arbitrary code from the heap of the rsync process address space. This error is primarily from the rsync program used in server mode. ** Yahoo Messenger contains vulnerability in YAuto.DLL. There is a problem when handling some types of requests by ActiveX controls installed with Yahoo Messenger. As a result an attacker could cause a buffer overrun and execute arbitrary code on a vulnerable host. Denial of service attacks This attack is characterized by an attacker attempting to prevent users of the system from using a certain service. Some form of these attacks are as follow: 1. Attackers could try to "flood" a network, thereby preventing legitimate network traffic 2. Attackers attempts to disrupt connections between two machines, thereby preventing access to a service 3. An attacker could attempts to prevent a particular individual from accessing a service Dalia Solomon 4. They could attempt to disrupt service to a specific system or person There is vulnerability in Microsoft’s Windows Workstation Service (WKSSVC.DLL). Attacker could cause a denial of service or to execute arbitrary code using this exploit. The logging function implemented in Workstation Service contains a flaw. RPC service permit the passing of long strings to vsprintf() routine to create log entries. There is no bound check for vsprintf() routine thus it is possible to create a bugger overflow situation. Kernel exploits These attacks target vulnerability in some version of the Linux kernel. In these attacks the attacker could exploit system functions that don’t do enough checking. The kernel is responsible for controlling and mediating access to the hardware. The kernel implements and supports fundamental abstractions (processes, files, devices) etc. Red Hat Enterprise Linux kernel version 2.4.21 does not perform adequate checking of eflags in 32-bit ptrace emulation mode. Local user could gain root privileges by exploiting this vulnerability in Linux. ** There is a vulnerability in the Linux kernel do_mremap system function. Because of a bound checking issue within the function, it is possible for a local attacker to interfere with the operation of the kernel. ** Browser exploits An attacker uses scripting languages in the browser to mislead the user into giving away confidential information. Microsoft Internet Explorer does not properly display the location of HTML documents. Web browsers display the Uniform Resource Locator in the address bar. Microsoft Internet Explorer does not properly display URLs that contain certain non-printable characters. An attacker could exploit this and mislead users into revealing sensitive information. Backdoor exploits An attacker has some means of accessing the system without the owner knowledge through an open port. Backdoor.IRC.Cirebot is a Trojan Horse that exploits the Microsoft DCOM RPC vulnerability. Backdoor.IRC.Cirebot is made up of a backdoor component and a hacktool component that installs the backdoor on a vulnerable machine. Dalia Solomon Note: The ** means attacks on Linux system