Finding Buffer Overflow Vulnerabilities
RPC and other vulnerable daemons are common targets for buffer-overflow attacks. A buffer overflow is often the way an attacker gets in to modify system files, read database files, and more.
Attacks
In a buffer overflow attack, the attacker either manually sends strings of information to the victim Linux machine or writes a script to do so. These strings contain the following:
- Padding instructions that tell the processor to do nothing.
- Malicious code to replace the attacked process. For example, exec("/bin/sh") spawns a shell command prompt.
- A pointer to the start of the malicious code in the memory buffer.
If the attacked application (such as an FTP or RPC daemon) is running as root (some do), the attacker's remote shell inherits root permissions. Specific examples of Linux software that has had such vulnerabilities are Samba, MySQL, and Firefox. Depending on the version, this software can be exploited using commercial or free tools such as Metasploit (www.metasploit.com) to obtain remote command prompts, add backdoor user accounts, change ownership of files, and more.
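As an added illustration, not code from the original text, here is the C pattern behind this bug class: a fixed-size stack buffer filled by an unbounded strcpy, next to a hardened handler that measures the input against the buffer and rejects anything that does not fit. The function names, the 16-byte buffer size and the sample requests are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* fixed-size stack buffer, as in the daemons described above */

/* Vulnerable form: strcpy copies until the NUL in 'req' with no regard for the
 * 16-byte destination. A request of 16 or more bytes writes past 'name' into
 * the rest of the stack frame, which is what a padded overflow string relies on.
 * Shown for contrast only; it is never called in this example. */
void handle_request_vulnerable(const char *req) {
    char name[NAME_LEN];
    strcpy(name, req);                 /* no bound check: stack overflow */
    printf("hello %s\n", name);
}

/* Hardened form: look for the terminating NUL only within the destination
 * size, and reject the request outright if it is not there. Silent truncation
 * is avoided too, because a truncated name can cause its own logic bugs.
 * Returns 0 on success and -1 when the request is rejected. */
int handle_request_safe(const char *req, char *name, size_t name_len) {
    const char *nul = memchr(req, '\0', name_len);   /* reads at most name_len bytes */
    if (nul == NULL) {                                /* no room for string + NUL */
        name[0] = '\0';
        return -1;
    }
    memcpy(name, req, (size_t)(nul - req) + 1);       /* copies the NUL as well */
    return 0;
}

/* Feeds the safe handler a normal name and a constructed oversized request
 * (a long run of 'A's, the classic shape of an overflow string) and reports
 * 1 if the short one is accepted and the long one rejected. */
int demo(void) {
    char name[NAME_LEN];
    char oversized[200];
    memset(oversized, 'A', sizeof(oversized) - 1);
    oversized[sizeof(oversized) - 1] = '\0';

    int ok = handle_request_safe("alice", name, sizeof(name));         /* 0 */
    int rejected = handle_request_safe(oversized, name, sizeof(name)); /* -1 */
    return (ok == 0 && rejected == -1) ? 1 : 0;
}

int main(void) {
    printf("%s\n", demo() ? "hardened handler rejected the oversized request"
                          : "unexpected result");
    return 0;
}
```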