Accessing, Modifying or Executing Executable Files
Attack Pattern ID: 17 (Standard Attack Pattern Completeness: Complete) | Typical Severity: Very High | Status: Draft
Summary
An attack of this type exploits a system configuration that lets an attacker either directly access an executable file (for example through shell access) or, in the worst case, upload a file and then execute it. Web servers, FTP servers, and message-oriented middleware systems with many integration points are particularly vulnerable, because programmers and administrators must stay in sync about the interfaces and the correct privileges for each of them.
The system's configuration must allow an attacker to directly access executable files or to upload files and execute them. This means that whatever access control system is supposed to mediate communication between the subject and the object is either configured incorrectly or assumes a benign environment.
Description
Consider a directory on a web server with the following permissions
This could allow an attacker both to execute existing programs and to upload and execute new programs on the web server. An attacker can exploit this single vulnerability to probe the system and identify additional vulnerabilities to exploit.
Skill or Knowledge Level: Low
To identify and execute against an overprivileged system interface
Ability to communicate synchronously or asynchronously with a server that publishes an overprivileged directory, program, or interface. Optionally, the ability to capture output directly through synchronous communication or by another method such as FTP.
Design: Enforce principle of least privilege
Design: Run server interfaces with a non-root account and/or utilize chroot jails or other configuration techniques to constrain privileges even if attacker gains some limited access to commands.
Implementation: Perform testing such as pentesting and vulnerability scanning to identify directories, programs, and interfaces that grant direct access to executables.
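The directory-permission problem in the example above and the least-privilege mitigations can be checked with a small filesystem audit. The following is an added example, not CAPEC content; it assumes the server account runs as UID 33 (a constructed value, adjust for the host) and flags entries that match the upload-and-execute pattern, including writable setuid programs and executables the server account could rewrite:

```python
# Audit a served tree for the CAPEC-17 pattern (writable dirs, replaceable programs). Added example.
import os
import stat
import sys

SERVER_UID = 33  # assumed UID of the web/FTP server account (www-data on Debian); constructed


def findings_for(mode: int, uid: int, server_uid: int = SERVER_UID) -> list[str]:
    """Problems with one entry, given its st_mode and owner uid (pure, so unit-testable)."""
    perm = stat.S_IMODE(mode)
    world_w = bool(perm & stat.S_IWOTH)
    any_x = bool(perm & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    problems: list[str] = []
    if stat.S_ISLNK(mode):
        return problems  # a link's own bits are meaningless; its target is audited separately
    if stat.S_ISDIR(mode):
        if world_w:  # CWE-732: any account, including an upload handler, can create files here
            msg = "world-writable directory: any account can drop a file into it"
            if not perm & stat.S_ISVTX:
                msg += " and rename or delete files others placed there"
            problems.append(msg)
        return problems
    if world_w and any_x:  # the program itself can be replaced and then run
        problems.append("world-writable executable: contents can be replaced and then run")
    if perm & (stat.S_ISUID | stat.S_ISGID) and perm & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("setuid/setgid program writable by group or others: direct privilege escalation")
    if uid == server_uid and any_x and perm & stat.S_IWUSR:
        problems.append("executable owned and writable by the server account: a compromised server can rewrite it")
    return problems


def audit_tree(root: str, server_uid: int = SERVER_UID) -> dict[str, list[str]]:
    """Walk root without following symlinks and collect findings per path."""
    report: dict[str, list[str]] = {}
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable: skip it rather than abort the audit
            found = findings_for(st.st_mode, st.st_uid, server_uid)
            if found:
                report[path] = found
    return report


if __name__ == "__main__":
    for path, found in sorted(audit_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        print(path, *found, sep="\n    ")
```

Run it against the document root as the server's own account to see exactly what that account could write and the server could later execute.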
- Run Arbitrary Code
- Data Modification
- Information Leakage
- Privilege Escalation
Enables the attacker to execute server-side code, running any command that the program owner has the privileges to run.
CWE-ID | Weakness Name | Weakness Relationship Type |
---|---|---|
732 | Incorrect Permission Assignment for Critical Resource | Targeted |
285 | Improper Access Control (Authorization) | Targeted |
272 | Least Privilege Violation | Targeted |
59 | Improper Link Resolution Before File Access ('Link Following') | Targeted |
282 | Improper Ownership Management | Targeted |
275 | Permission Issues | Targeted |
264 | Permissions, Privileges, and Access Controls | Targeted |
270 | Privilege Context Switching Error | Targeted |
693 | Protection Mechanism Failure | Targeted |
Nature | Type | ID | Name | Description | View(s) this relationship pertains to
---|---|---|---|---|---
ChildOf | Attack Pattern | 1 | Accessing Functionality Not Properly Constrained by ACLs | | Mechanism of Attack (1000)
ChildOf | Attack Pattern | 165 | File Manipulation | | Mechanism of Attack (primary) (1000)
ChildOf | Category | 233 | Privilege Escalation | | Mechanism of Attack (primary) (1000)
ChildOf | Category | 350 | WASC Threat Classification 2.0 - WASC-17 - Improper Filesystem Permissions | | WASC Threat Classification 2.0 (333)
Submissions

Submitter | Organization | Date
---|---|---
G. Hoglund and G. McGraw. Exploiting Software: How to Break Code. Addison-Wesley, February 2004. | Cigital, Inc | 2007-01-01

Modifications

Modifier | Organization | Date | Comments
---|---|---|---
Gunnar Peterson | Cigital, Inc | 2007-02-28 | Fleshed out content to CAPEC schema from the original descriptions in "Exploiting Software"
Sean Barnum | Cigital, Inc | 2007-03-09 | Review and revise
Richard Struse | VOXEM, Inc | 2007-03-26 | Review and feedback leading to changes in Name, Description and Examples
Sean Barnum | Cigital, Inc | 2007-04-13 | Modified pattern content according to review and feedback