CAPEC-40

Manipulating Writeable Terminal Devices
High
Draft
2014-06-23
00h00 +00:00
2022-09-29
00h00 +00:00

CAPEC Descriptions

This attack exploits terminal devices that allow themselves to be written to by other users. The attacker sends command strings to the target terminal device, hoping that the target user will hit enter and thereby execute the malicious command with their privileges. The attacker can send the results (such as copying /etc/passwd) to a known directory and collect them once the attack has succeeded.

CAPEC Information

Execution Flow

1) Explore

[Identify attacker-writable terminals] Determine if users' TTYs are writable by the attacker.

Technique
  • Determine the permissions for the TTYs found on the system. Any that allow user write to the TTY may be vulnerable.
  • Attempt to write to other user TTYs. This approach could leave a trail or alert a user.
2) Exploit

[Execute malicious commands] Using one or more vulnerable TTYs, execute commands to achieve various impacts.

Technique
  • Commands that allow reading or writing end user files can be executed.

Prerequisites

User terminals must have a permissive access control, such as world writeable, that allows normal users to control data on other users' terminals.

Skills Required

Ability to discover permissions on terminal devices. Of course, brute force can also be used.

Resources Required

Access to a terminal on the target network

Mitigations

Design: Ensure that terminals are only writeable by the named owner user and/or administrator
Design: Enforce principle of least privilege
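
An audit for the first mitigation, added here as an example and not part of the CAPEC entry: it reports terminal devices whose mode lets anyone other than the owner write to them. Assumptions: Linux device naming (/dev/pts/N and /dev/ttyN) and a dedicated group named "tty" whose write access is treated as expected.

```python
import glob
import grp
import os
import stat

# Assumption: login terminals are /dev/pts/N and /dev/ttyN (Linux naming).
TTY_GLOBS = ("/dev/pts/[0-9]*", "/dev/tty[0-9]*")


def classify(mode, gid, tty_gid):
    """Return a finding for a terminal's mode bits, or None if acceptable."""
    if not stat.S_ISCHR(mode):
        return None  # not a character device, so not a terminal
    if mode & stat.S_IWOTH:
        return "world-writable"
    # Group write is expected only for the dedicated tty group (typically used
    # by set-group-ID helpers such as write(1)); any other group is a finding.
    if mode & stat.S_IWGRP and gid != tty_gid:
        return "group-writable by non-tty group"
    return None


def audit(patterns=TTY_GLOBS):
    """Return (path, owner_uid, octal_mode, finding) for each risky terminal."""
    try:
        tty_gid = grp.getgrnam("tty").gr_gid  # assumption: group is named "tty"
    except KeyError:
        tty_gid = None  # no such group: every group-writable terminal is flagged
    findings = []
    for pattern in patterns:
        for path in sorted(glob.glob(pattern)):
            try:
                st = os.stat(path)
            except OSError:
                continue  # terminal closed between listing and stat
            finding = classify(st.st_mode, st.st_gid, tty_gid)
            if finding:
                findings.append((path, st.st_uid, oct(st.st_mode & 0o777), finding))
    return findings


if __name__ == "__main__":
    for path, uid, mode, finding in audit():
        print(f"{path} owner_uid={uid} mode={mode}: {finding}")
```

A reported terminal can be restricted by removing group and other write permission from the device (chmod go-w), which matches the first mitigation above.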

Related Weaknesses

CWE-ID | Weakness Name

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References

REF-1

Exploiting Software: How to Break Code
G. Hoglund, G. McGraw.

Submission

Name | Organization | Date | Release Date
CAPEC Content Team | The MITRE Corporation | 2014-06-23 +00:00 |

Modifications

Name | Organization | Date | Comment
CAPEC Content Team | The MITRE Corporation | 2017-08-04 +00:00 | Updated Attack_Phases, Description, Description Summary, Related_Vulnerabilities
CAPEC Content Team | The MITRE Corporation | 2018-07-31 +00:00 | Updated Attacker_Skills_or_Knowledge_Required, Related_Attack_Patterns, Type (Attack_Pattern -> Relationship)
CAPEC Content Team | The MITRE Corporation | 2019-04-04 +00:00 | Updated Related_Weaknesses
CAPEC Content Team | The MITRE Corporation | 2020-07-30 +00:00 | Updated Example_Instances
CAPEC Content Team | The MITRE Corporation | 2022-09-29 +00:00 | Updated Example_Instances