Common Attack Pattern Enumeration and Classification
A Community Resource for Identifying and Understanding Attacks
In this type of an attack, an adversary injects operating system commands into existing application functions. An application that uses untrusted input to build command strings is vulnerable. An adversary can leverage OS command injection in an application to elevate privileges, execute arbitrary commands and compromise the underlying operating system.
There is high motivation for the attacker to seek out and discover opportunities for this attack due to the power it yields.
A transaction processing system relies on code written in a number of languages. To access this functionality, the system passes transaction information on the system command line.
An attacker can gain access to the system command line and execute malicious commands by injecting these commands in the transaction data. If successful, the attacker can steal information, install backdoors and perform other nefarious activities that can compromise the system and its data.
A vulnerability in Mozilla Firefox 1.x browser allows an attacker to execute arbitrary commands on the UNIX/Linux operating system.
The vulnerability is caused due to the shell script used to launch Firefox parsing shell commands that are enclosed within back-ticks in the URL provided via the command line.
This can be exploited to execute arbitrary shell commands by tricking a user into following a malicious link in an external application which uses Firefox as the default browser (e.g. the mail client Evolution on Red Hat Enterprise Linux 4).
Skill or Knowledge Level: High
The attacker needs to have knowledge of not only the application to exploit but also the exact nature of commands that pertain to the target operating system. This may involve, though not always, knowledge of specific assembly commands for the platform.
Use language APIs rather than relying on passing data to the operating system shell or command line. Doing so ensures that the available protection mechanisms in the language are intact and applicable.
Filter all incoming data to escape or remove characters or strings that can be potentially misinterpreted as operating system or shell commands
All application processes should be run with the minimal privileges required. Also, processes must shed privileges as soon as they no longer require them.
Operating system commands injected by the attacker, intended to escalate privilege or divulge information
The injected OS commands are interpreted by the shell, causing them to be executed under the privileges of the process running the exploited application.
More information is available — Please select a different filter.