CAPEC - CAPEC-38: Leveraging/Manipulating Configuration File Search Paths (Release 1.4)

Home > CAPEC List > CAPEC-38: Leveraging/Manipulating Configuration File Search Paths (Release 1.4)

CAPEC List
Full CAPEC Dictionary
Methods of Attack View

About CAPEC
Documents
Resources

Community
Related Activities
Collaboration List

News & Events
Calendar
Free Newsletter

Contact Us
Search the Site

CAPEC-38: Leveraging/Manipulating Configuration File Search Paths

Leveraging/Manipulating Configuration File Search Paths

Attack Pattern ID: 38 (Standard Attack Pattern Completeness: Complete)

Typical Severity: Very High

Status: Draft

Description

Summary

This attack loads a malicious resource into a program's standard path used to bootstrap and/or provide contextual information for a program like a path variable or classpath. J2EE applications and other component based applications that are built from mutliple binaries can have very long list of dependencies to execute. If one of these libraries and/or references is controllable by the attacker then application controls can be circumvented by the attacker.

A standard UNIX path looks similar to this

/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin

If the attacker modifies the path variable to point to a locale that includes malicious resources then the user unwittingly can execute commands on the attacker's behalf:

/evildir/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin

This is a form of usurping control of the program and the attack can be done on the classpath, database resources, or any other resources built from compound parts. At runtime detection and blocking of this attack is nearly impossible, because the configuration allows execution.

Attack Prerequisites

The attacker must be able to write to redirect search paths on the victim host.

Typical Likelihood of Exploit

Likelihood: High

Methods of Attack

Modification of Resources

Examples-Instances

Description

This attack can be accomplished in two ways. An attacker can insert a malicious program into the path or classpath so that when a known command is executed then the system instead executes the trojans. Another method is to redirect commands by aliasing one legitimate command to another to create unexpected results. the Unix command "rm" could be aliased to "mv" and move all files the victim thinks they are deleting to a directory the attacker controls. In a Unix shell .profile setting

alias rm=mv /usr/home/attacker

In this case the attacker retains a copy of all the files the victim attempts to remove.

Attacker Skills or Knowledge Required

Skill or Knowledge Level: Low

To identify and execute against an overprivileged system interface

Solutions and Mitigations

Design: Enforce principle of least privilege

Design: Ensure that the program's compound parts, including all system dependencies, classpath, path, and so on, are secured to the same or higher level assurance as the program

Implementation: Host integrity monitoring

Attack Motivation-Consequences

Run Arbitrary Code
Privilege Escalation

Related Weaknesses

CWE-ID	Weakness Name	Weakness Relationship Type
426	Untrusted Search Path	Targeted
427	Uncontrolled Search Path Element	Targeted
428	Unquoted Search Path or Element	Secondary
706	Use of Incorrectly-Resolved Name or Reference	Targeted

Related Attack Patterns

Nature	Type	ID	Name	View(s) this relationship pertains to
ChildOf	Attack Pattern	13	Subverting Environment Variable Values	Mechanism of Attack1000
ChildOf	Attack Pattern	148	Content Spoofing	Mechanism of Attack (primary)1000
ChildOf	Attack Pattern	154	Resource Location Attacks	Mechanism of Attack (primary)1000

Purposes

Exploitation

CIA Impact

Confidentiality Impact: Medium

Integrity Impact: Medium

Availability Impact: Medium

Technical Context

Architectural Paradigms	All
Frameworks	All
Platforms	All
Languages	All

References

G. Hoglund and G. McGraw. "Exploiting Software: How to Break Code". Addison-Wesley. February 2004.

Content History

Submissions
Submitter	Organization	Date
G. Hoglund and G. McGraw. Exploiting Software: How to Break Code. Addison-Wesley, February 2004.	Cigital, Inc	2007-01-01

Modifications
Modifier	Organization	Date	Comments
Gunnar Peterson	Cigital, Inc	2007-02-28	Fleshed out content to CAPEC schema from the original descriptions in "Exploiting Software"
Sean Barnum	Cigital, Inc	2007-03-09	Review and revise
Richard Struse	VOXEM, Inc	2007-03-26	Review and feedback leading to changes in Name and Related Attack Patterns
Sean Barnum	Cigital, Inc	2007-04-13	Modified pattern content according to review and feedback

Page Last Updated: September 23, 2009


	CAPEC is sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. Vision and Technical Leadership provided by Cigital, Inc. This Web site is hosted by The MITRE Corporation. Copyright 2009, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation. Contact capec@mitre.org for more information.	Privacy policy Terms of use Contact us