| Name | Buffer Overflow in Local Command-Line Utilities |
| Summary | This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root. |
| Prerequisites | The target host exposes a command-line utility to the user.
The command-line utility exposed by the target host has a buffer overflow vulnerability that can be exploited. |
| Solutions | Carefully review the service's implementation before making it available to user. For instance you can use manual or automated code review to uncover vulnerabilities such as buffer overflow.
Use a language or compiler that performs automatic bounds checking.
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.
Operational: Use OS-level preventative functionality. Not a complete solution.
Apply the latest patches to your user exposed services. This may not be a complete solution, especially against a zero day attack.
Do not unnecessarily expose services. |
| Related Weaknesses |
| CWE ID | Description |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-118 | Improper Access of Indexable Resource ('Range Error') |
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
| CWE-680 | |
| CWE-697 | Insufficient Comparison |
| CWE-733 | Compiler Optimization Removal or Modification of Security-critical Code |
|
