Redirect Access to Libraries
Attack Pattern ID: 159 (Standard Attack Pattern Completeness: Stub)Typical Severity: Very HighStatus: Draft
+ Description

Summary

An attacker exploits the execution flow of a call to an external library to point to an attacker supplied library or code base, allowing the attacker to to compromise the application or server via the execution of unauthorized code. An application typically makes calls to functions that are a part of libraries external to the application. These libraries may be part of the operating system or they may be third party libraries. If an attacker can redirect an application's attempts to access these libraries to other libraries that the attacker supplies, the attacker will be able to force the targeted application to execute arbitrary code. This is especially dangerous if the targeted application has enhanced privileges. Access can be redirected through a number of techniques, including the use of symbolic links, search path modification, and relative path manipulation.

+ Attack Prerequisites

The target must utilize external libraries and must fail to verify the integrity of these libraries before using them.

+ Resources Required

No special resources are required for this attack beyond the ability to redirect the attacker's access to libraries.

+ Related Attack Patterns
NatureTypeIDNameDescriptionView(s) this relationship pertains toView\(s\)
ChildOfAttack PatternAttack Pattern176Configuration/Environment manipulation 
Mechanism of Attack (primary)1000
Back to top