| Name | Buffer Overflow in Local Command-Line Utilities |
| Summary | This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root. |
| Prerequisites | The target host exposes a command-line utility to the user. The command-line utility exposed by the target host has a buffer overflow vulnerability that can be exploited. |
| Solutions | Carefully review the service's implementation before making it available to user. For instance you can use manual or automated code review to uncover vulnerabilities such as buffer overflow. Use a language or compiler that performs automatic bounds checking. Use an abstraction library to abstract away risky APIs. Not a complete solution. Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution. Operational: Use OS-level preventative functionality. Not a complete solution. Apply the latest patches to your user exposed services. This may not be a complete solution, especially against a zero day attack. Do not unnecessarily expose services. |
| Related Weaknesses |
| CWE ID | Description |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-118 | Incorrect Access of Indexable Resource ('Range Error') |
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
| CWE-680 | Integer Overflow to Buffer Overflow |
| CWE-697 | Incorrect Comparison |
| CWE-733 | Compiler Optimization Removal or Modification of Security-critical Code |
|
