Name Manipulating Writeable Terminal Devices
Summary This attack exploits terminal devices that allow themselves to be written to by other users. The attacker sends command strings to the target terminal device hoping that the target user will hit enter and thereby execute the malicious command with their privileges. The attacker can send the results (such as copying /etc/passwd) to a known directory and collect once the attack has succeeded.
Prerequisites User terminals must have a permissive access control such as world writeable that allows normal users to control data on other user's terminals.
Solutions Design: Ensure that terminals are only writeable by named owner user and/or administrator Design: Enforce principle of least privilege
Related Weaknesses
CWE ID Description
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-306 Missing Authentication for Critical Function
Back to Top