Prerequisites
The attacker must be able to write to redirect search paths on the victim host.
Skills Required
To identify and execute against an over-privileged system interface
Mitigations
Design: Enforce principle of least privilege
Design: Ensure that the program's compound parts, including all system dependencies, classpath, path, and so on, are secured to the same or a higher level of assurance as the program
Implementation: Host integrity monitoring
Related Weaknesses
| CWE-ID | Weakness Name |
|---|---|
| | Untrusted Search Path: The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. |
| | Uncontrolled Search Path Element: The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
References
REF-1
Exploiting Software: How to Break Code
G. Hoglund, G. McGraw.
Submission
| Name | Organization | Date | Release Date |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | 2014-06-23 +00:00 | |
Modifications
| Name | Organization | Date | Comment |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | 2018-07-31 +00:00 | Updated Description, Description Summary, Examples-Instances, Related_Weaknesses |
| CAPEC Content Team | The MITRE Corporation | 2019-04-04 +00:00 | Updated Related_Weaknesses |
| CAPEC Content Team | The MITRE Corporation | 2020-07-30 +00:00 | Updated Taxonomy_Mappings |
| CAPEC Content Team | The MITRE Corporation | 2022-09-29 +00:00 | Updated Example_Instances, Taxonomy_Mappings |