An attack of this type exploits a system configuration that allows an
attacker either to directly access an executable file, for example through
shell access, or, in the worst case, to upload a file and then execute it.
Web servers, FTP servers, and message-oriented middleware systems with many
integration points are particularly vulnerable, because the programmers and
the administrators must stay in sync about the interfaces and the correct
privileges for each interface; a directory or program that ends up writable
and executable by more principals than intended is enough.
Attack Prerequisites
The system's configuration must allow an attacker to directly access
executable files or to upload files and then execute them. This means that
the access control mechanism that is supposed to mediate communication
between the subject and the object is either configured incorrectly or
assumes a benign environment.
Typical Likelihood of Exploit
Likelihood: High
Methods of Attack
Modification of Resources
API Abuse
Examples-Instances
Description
Consider a directory on a web server with the following
permissions:
drwxrwxrwx 5 admin public 170 Nov 17 01:08 webroot
The directory is world-writable and world-executable, so it could allow an
attacker both to execute programs already present on the web server and to
upload new programs and execute them. This single misconfiguration gives an
attacker a foothold from which to probe the system and identify additional
vulnerabilities to exploit.
Attacker Skills or Knowledge Required
Skill or Knowledge Level: Low
Enough to identify an overprivileged system interface and execute
against it.
Resources Required
Ability to communicate synchronously or asynchronously with a server that
publishes an overprivileged directory, program, or interface. Optionally, the
ability to capture output directly through synchronous communication or by
another method such as FTP.
Solutions and Mitigations
Design: Enforce principle of least privilege
Design: Run server interfaces under a non-root account and/or use chroot
jails or similar configuration techniques to constrain privileges even if
the attacker gains some limited access to commands.
Implementation: Perform testing such as penetration testing and vulnerability
scanning to identify directories, programs, and interfaces that grant direct
access to executables.
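The following script is an added example and is not part of the CAPEC entry. It is the kind of check the Implementation mitigation above calls for, applied to the drwxrwxrwx webroot from the example: it lists directories under a web root that anyone can write to, lists executables that anyone can overwrite (an attacker then needs no upload at all, only a write), and strips the "other" write bit as a minimal first fix. The sample tree, its file names, and the function names are constructed for the demonstration and are assumptions, not taken from any real deployment.

```shell
#!/bin/sh
# Added example, not code from the CAPEC entry: audit a web root for the
# overprivileged-directory misconfiguration described in the entry.
# The sample tree built below is constructed for the demo; the paths and
# names are assumptions.

# Build a throwaway tree that reproduces the entry's webroot permissions.
# Prints the temporary root so the caller can inspect and remove it.
make_sample_webroot() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/webroot/cgi-bin" "$root/webroot/uploads" "$root/webroot/static"
    printf '#!/bin/sh\necho hello\n' > "$root/webroot/cgi-bin/hello.cgi"
    printf 'static content\n' > "$root/webroot/static/index.html"
    chmod 777 "$root/webroot"                   # drwxrwxrwx, as in the entry
    chmod 1777 "$root/webroot/uploads"          # sticky bit does not remove the risk
    chmod 755 "$root/webroot/cgi-bin" "$root/webroot/static"
    chmod 777 "$root/webroot/cgi-bin/hello.cgi" # executable that anyone can replace
    chmod 644 "$root/webroot/static/index.html"
    printf '%s\n' "$root"
}

# Directories under $1 whose "other" write bit (octal 002) is set.
# "-perm -002" matches when at least that bit is set, whatever else is set,
# so sticky 1777 upload directories are reported as well.
find_world_writable_dirs() {
    find "$1" -type d -perm -002 | sort
}

# Files under $1 that are executable (owner execute bit, -perm -100) and
# writable by everyone: the attacker overwrites the program the server
# already runs instead of uploading a new one.
find_writable_executables() {
    find "$1" -type f -perm -100 -perm -002 | sort
}

# Count lines on stdin; tr strips the padding BSD wc adds.
count_lines() {
    wc -l | tr -d ' '
}

count_world_writable_dirs() {
    find_world_writable_dirs "$1" | count_lines
}

count_writable_executables() {
    find_writable_executables "$1" | count_lines
}

# Minimal fix: drop the "other" write bit on every flagged path. The upload
# directory still needs the right owner and should be served without
# execution; this only closes the anyone-can-write hole.
harden_webroot() {
    find "$1" -perm -002 -exec chmod o-w {} +
}

# Human-readable report for a real web root.
audit_webroot() {
    echo "World-writable directories under $1:"
    find_world_writable_dirs "$1" | sed 's/^/  /'
    echo "World-writable executables under $1:"
    find_writable_executables "$1" | sed 's/^/  /'
}

# Usage: sh audit.sh /var/www   (with no argument only the functions are defined)
if [ "$#" -gt 0 ]; then
    audit_webroot "$1"
fi
```

Run it against the directory the server actually serves from, as the user the server runs as, so that the report reflects the privileges an attacker would inherit. A nonzero count from either finder is a reasonable gate to fail a deployment check on.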
Attack Motivation-Consequences
Run Arbitrary Code
Data Modification
Information Leakage
Privilege Escalation
Injection Vector
Payload delivered through standard communication protocols.
Payload
Command(s) executed directly on host
Activation Zone
Client machine and client network
Payload Activation Impact
Enables the attacker to execute server-side code, running any commands that
the program owner has the privileges to run.
Vision and Technical Leadership provided by Cigital, Inc.
This Web site is hosted by The MITRE Corporation.
Copyright 2009, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.