CAPEC 234

Hijacking a privileged process

Attack Pattern ID: 234 (Standard Attack Pattern Completeness: Stub)

Typical Severity: Medium

Status: Draft

Description

Summary

An attacker gains control of a process that is assigned elevated privileges in order to execute arbitrary code with those privileges. Some processes are assigned elevated privileges on an operating system, usually through association with a particular user, group, or role. If an attacker can hijack this process, they will be able to assume its level of prevelege in order to execute their own code. Processes can be hijacked through inproper handling of user input (for example, a buffer overflow or certain types of injection attacks) or by utilizing system utilities that support process control that have been inadequately secured.

Attack Prerequisites

The targeted process or operating system must contain a bug that allows attackers to hijack the targeted process.

Resources Required

No special resources are required.

Related Weaknesses

CWE-ID	Weakness Name	Weakness Relationship Type
732	Incorrect Permission Assignment for Critical Resource	Targeted
648	Incorrect Use of Privileged APIs	Secondary

Related Vulnerabilities

Vulnerability ID	Relationship Description
CVE-2008-1363	VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation of a config.ini file located in an Application Data folder, which can be used for "hijacking the VMX process."
CVE-2007-6705	The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary handle and possibly hijack an arbitrary process.

Vulnerability ID

Relationship Description

CVE-2008-1363

VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation of a config.ini file located in an Application Data folder, which can be used for "hijacking the VMX process."

CVE-2007-6705

The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary handle and possibly hijack an arbitrary process.

Related Attack Patterns

Nature	Type	ID	Name	Description	View(s) this relationship pertains to $View$s$$
ChildOf	Category	232	Exploitation of Privilege/Trust		Mechanism of Attack (primary)1000

Facebook rss twitter linkedin mail

CAPEC 234

COMPANY

STANDARDS

RECENT POSTS

MENU