Stamford, Conn.-based security firm IPxray has issued an alert on five "easily fixed" vulnerabilities it believes attackers are most likely to exploit.
Based on more than 4,000 corporate network scans in the last month, the company said it found security holes hackers could use to "enter, disrupt or even take over corporate networks." The majority of the flaws can be quickly fixed with software patches or upgrades, the company added.
"We have examined data from the thousands of networks that have been scanned by our service in the last month. It is clear that a significant number of sophisticated, corporate networks suffer from dangerous security vulnerabilities," Sholom Ellenberg, CEO of IPxray, said in a statement. "The good news is that many of the most prevalent security holes can be fixed relatively easily. People just have to know to look for the vulnerabilities. By issuing this alert we want to illustrate the real potential for trouble that exists. We also hope that this alert is an incentive for IT and network managers to examine and fix their networks."
The most common of these vulnerabilities is the "IIS: WebDAV overflow" outlined by Microsoft last year in MS03-007. "According to Microsoft, this vulnerability can allow an attacker to 'run code of [the] attacker's choice' on the affected server and has a severity rating of 'critical,'" IPxray said. "Windows 2000 servers running IIS are especially vulnerable and should be patched immediately."
The second most common vulnerability found by the scans is the "Apache 1.3.31 htpasswd local overflow," the company said, adding, "This vulnerability affects all Apache Web servers with version numbers up to and including 1.3.31. The vulnerability is linked to a buffer overflow in the htpasswd command, which could allow an attacker to execute arbitrary code on the system with the same privileges as the httpd process. The recommended fix for this vulnerability is to upgrade to a version of Apache later then 1.3.31."
The third most prevalent vulnerability is the "IIS FrontPage ISAPI denial of service.". "According to Microsoft, hackers can exploit this vulnerability to generate denial-of-service attacks on Web sites running Microsoft's FrontPage Web server," the company said. "This is fixed in patch Q319733 from Microsoft and is listed in Microsoft Security Bulletin MS02-018."
The other vulnerabilities are the "OpenSSH 3.7.1, php arbitrary file upload" and the "Apache mod_access rule bypass."
"Hacker attacks and break-ins of corporate networks grow in number every month," Ellenberg said. "Aberdeen Group estimates that Internet-based disruptions that are being incurred by businesses from security-related causes such as worms and other online-related attacks cost corporations an average of $2 million an incident. Aberdeen's research also states that companies average one incident a year."