|Name ||Buffer Overflow in Local Command-Line Utilities |
|Summary ||This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root. |
|Prerequisites ||The target host exposes a command-line utility to the user.
The command-line utility exposed by the target host has a buffer overflow vulnerability that can be exploited. |
|Solutions ||Carefully review the service's implementation before making it available to users. For instance, you can use manual or automated code review to uncover vulnerabilities such as buffer overflows.
Use a language or compiler that performs automatic bounds checking.
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Use compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.
Operational: Use OS-level preventative functionality. Not a complete solution.
Apply the latest patches to your user-exposed services. This may not be a complete solution, especially against a zero-day attack.
Do not unnecessarily expose services. |
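The "abstraction library" solution above, sketched for a command-line utility as an added example (not part of the original entry): every copy of an argument goes through one bounded helper, and a joined buffer is sized with an overflow check first, which goes slightly beyond the single-copy case to cover CWE-680. The names `copy_arg` and `join_args` and the 64-byte limit are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Replaces the CWE-120 pattern: char name[64]; strcpy(name, argv[1]);
 * Copies only if src fits with its NUL; over-long input is rejected, not truncated. */
int copy_arg(char *dst, size_t dst_size, const char *src)
{
    size_t n = strlen(src);            /* argv strings are NUL-terminated */
    if (dst_size == 0 || n >= dst_size)
        return -1;                     /* dst is left untouched */
    memcpy(dst, src, n + 1);
    return 0;
}

/* Join argc strings with spaces into a heap buffer of at most max_total bytes.
 * The size is summed with a wrap check before anything is allocated (CWE-680). */
char *join_args(int argc, char *const argv[], size_t max_total)
{
    size_t total = 1;                  /* room for an empty result */
    for (int i = 0; i < argc; i++) {
        size_t n = strlen(argv[i]) + 1;    /* argument plus separator or NUL */
        if (n > max_total || total > max_total - n)
            return NULL;               /* over the limit, or the sum would wrap */
        total += n;
    }
    char *out = malloc(total);
    if (out == NULL)
        return NULL;
    size_t off = 0;
    out[0] = '\0';
    for (int i = 0; i < argc; i++) {
        size_t n = strlen(argv[i]);
        memcpy(out + off, argv[i], n);
        off += n;
        out[off++] = (i + 1 < argc) ? ' ' : '\0';
    }
    return out;
}

int main(int argc, char *argv[])
{
    char name[64];                     /* constructed limit for this example */
    if (argc < 2 || copy_arg(name, sizeof name, argv[1]) != 0)
        return 2;                      /* missing or over-long argument */
    printf("hello, %s\n", name);
    return 0;
}
```

Rejecting over-long input rather than truncating it also addresses CWE-20, since the utility never acts on a value the user did not supply in full.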
|CWE ID ||Description |
|CWE-20 ||Improper Input Validation |
|CWE-74 ||Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
|CWE-118 ||Improper Access of Indexable Resource ('Range Error') |
|CWE-119 ||Improper Restriction of Operations within the Bounds of a Memory Buffer |
|CWE-120 ||Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
|CWE-680 ||Integer Overflow to Buffer Overflow |
|CWE-697 ||Insufficient Comparison |
|CWE-733 ||Compiler Optimization Removal or Modification of Security-critical Code |