The same types of issues that apply to Windows service and protocol configurations also apply to Linux. As with Windows, most Linux distros ship with default services, but many are added after installation. The key difference is that Microsoft provides the software for most of the common Windows-based services. Linux, on the other hand, depends on third parties to develop and provide the software. You choose the application you want, and download the package that is appropriate for your distribution and platform. This "mix and match" approach makes the range of possible service and protocol configurations much wider in Linux. As a pen tester, you should research possible exploits for the Linux kernel, service/application, and protocol versions that you discover.

Some notable exploits that have affected Linux services and protocols include the following. Each entry gives the exploit name and its CVE identifiers, followed by a description.

GHOST CVE-2015-0235

  • Exploits how the popular Exim mail server uses the gethostbyname function in the GNU C library (glibc).
  • Can give an attacker remote control of the entire system.
  • Affects nearly all distros that have Exim installed.
  • Metasploit module: exploit/linux/smtp/exim_gethostbyname_bof.

Shellshock CVE-2014-6271, CVE-2014-6278

  • Exploits a vulnerability in how the Bash shell handles externally supplied environment variables.
  • Exploit-db.com lists 15 exploits.
  • Metasploit has 10 exploit modules; search for shellshock.

Heartbleed CVE-2014-0160

  • A platform-independent information disclosure vulnerability in the OpenSSL encryption library.
  • OpenSSL uses a special heartbeat message that echoes data back to confirm it was received correctly. Exploited properly, it induces the server to also echo back arbitrary data from its memory, which can include login credentials and session cookies.
  • Metasploit module: auxiliary/scanner/ssl/openssl_heartbleed; proof of concept: https://gist.github.com/eelsivart/10174134

POODLE CVE-2014-3566, CVE-2014-8730

  • A platform-independent man-in-the-middle attack that forces web servers and browsers to negotiate down from the stronger TLS to the weaker SSL 3.0.
  • Proof of concept: https://github.com/mpgn/poodle-PoC
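
The Heartbleed mechanism described above in miniature, as an added illustration that is not code from this page or from OpenSSL: a simulated heartbeat responder that trusts the declared payload length beside one that bounds-checks it the way the OpenSSL fix did. The record layout follows RFC 6520; the "process memory" and the session cookie placed after the record are constructed sample data.

```python
"""Heartbleed (CVE-2014-0160) in miniature: a heartbeat responder that trusts
the declared payload length versus one that validates it against the record."""
import struct
from typing import Optional

HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
PADDING_LEN = 16  # minimum padding required by RFC 6520

# Constructed sample: unrelated data (a fake session cookie) that happens to
# sit in memory immediately after the received heartbeat record.
SECRET = b"session=deadbeef-cookie"


def build_heartbeat(payload: bytes, declared_len: Optional[int] = None) -> bytes:
    """Encode a heartbeat request: type(1) | length(2) | payload | padding.
    declared_len lets a test claim a payload larger than is actually sent."""
    length = len(payload) if declared_len is None else declared_len
    return struct.pack("!BH", HEARTBEAT_REQUEST, length) + payload + b"\x00" * PADDING_LEN


def respond_unpatched(memory: bytes, record_len: int) -> bytes:
    """Pre-fix behaviour: copy 'length' bytes starting at the payload without
    checking that the record actually contains that many bytes."""
    hb_type, length = struct.unpack("!BH", memory[:3])
    if hb_type != HEARTBEAT_REQUEST:
        return b""
    payload = memory[3:3 + length]  # over-reads past the record when length lies
    return struct.pack("!BH", HEARTBEAT_RESPONSE, length) + payload


def respond_patched(memory: bytes, record_len: int) -> Optional[bytes]:
    """Post-fix behaviour: silently discard any heartbeat whose header, declared
    payload and padding do not fit inside the received record."""
    if record_len < 1 + 2 + PADDING_LEN:
        return None
    hb_type, length = struct.unpack("!BH", memory[:3])
    if hb_type != HEARTBEAT_REQUEST:
        return None
    if 1 + 2 + length + PADDING_LEN > record_len:
        return None  # declared length exceeds what was actually received
    payload = memory[3:3 + length]
    return struct.pack("!BH", HEARTBEAT_RESPONSE, length) + payload


def demo(declared_len: Optional[int] = None):
    """Run both responders on a constructed record followed by SECRET in memory."""
    record = build_heartbeat(b"ping", declared_len)
    memory = record + SECRET  # constructed: the secret lies just past the record
    return respond_unpatched(memory, len(record)), respond_patched(memory, len(record))
```

Calling demo() with an honest length returns matching responses from both responders; demo(40) shows the unpatched responder returning bytes of SECRET while the patched one discards the request.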

Linux Service Installation Methods

The most common installation commands include:

  • Debian/Ubuntu (APT): apt-get install <package name>
  • Fedora/Red Hat (yum): yum install <package name>
  • Mandriva (URPM): urpmi <package name>
  • SUSE (YaST): yast -i <package name>
  • Generic source code, often distributed as a tarball: tar -xzvf <name>.tar.gz