6.30. When there are no restrictions for unprivileged users and if the option for config_rdskernel configuration is set, hackers can write arbitrary values into kernel memory (by making specific types of socket function calls) since kernel software has not authenticated that the user address is actually found in the user segment. The lack of verification of the user address can provide hackers to gain privileges and access to areas that they should not have, since they are not users with an address residing in the proper user segment. Perhaps the most insecure facet of Unix systems can be found in the usage of r-tools, which also routinely fail to verify the authenticity of user names and addresses. In theory, r-tools are supposed to function as a measure of convenience which allows privileged users the ability to login to networks and individual computers without presenting a password. Yet this same potential allows for intruders to gain entry into these same systems due to the r-tools' penchant for "trusting" hostnames and usernames based on Unix authentication, which is not always authentic. The most frequently found r-tools in Unix include rlogin (which runs on the TCP port 513 and creates a remote shell on a particular systems, rsh (which functions similarly to rlogin with the exception that it completes a command on a remote host and returns its output), and rcp (which replicates file information to or from a remote host). Rwho is one of the most valuable r-tools for a hacker, since it communicates with rwho machines and determines which users are logged into what aspect of a local subnet. Such a tool could allow hackers to gain several verified usernames for hosts. Rexec is nearly identical in function to rsh, except that the former can provide information about passwords if they are stored in a user's shell history.

There are several...

Some of these means are directly related to the vulnerabilities previously outlined. In the case of the weaknesses presented to Linux systems due to r-tools, the most effect measure of protection would be to turn those tools off and remove them (as soon as possible), and substitute SSH for them, which has a better authentication process and encrypts its traffic. The security issues presented with the RDS protocol in unpatched versions of the Linux kernel may be remedied by installing updates from Linus Torvalds or by applying the limited patch and recompiling the kernel.
General control for Linux systems which may be vulnerable during the enumeration phase include employment of firewalls, anti-virus software, intrusion detection systems, intrusion protection systems and vulnerability assessment tools. It is also recommended that Unix users make an effort to close all unused ports and services to prevent intrusion. Firewalls are most effective when they are well configured and installed in a company's network, so that they can rebuff hackers by creating a virtual wall between the network and the surrounding presence of the internet. Intrusion detection systems provide a degree of circumspection for an entire network and report any suspect activity to administrators -- particularly in light of an attack. Anti-virus software can find and extricate the presence of viruses and spyware, while intrusion prevention systems also monitor networks for malignant activity and create a log of it.

References

Noyes, K. (2010). Linux Kernel Exploit Gives Hackers A Back Door. PC World. Retrieved from http://www.pcworld.com/businesscenter/article/205867/linux_kernel_exploit_gives_hackers_a_back_door.html