Process Control
ID: 114 | Date: (C)2012-05-14 (M)2022-10-10 |
Type: weakness | Status: INCOMPLETE |
Abstraction Type: Base |
Description
Executing commands or loading libraries from an untrusted
source or in an untrusted environment can cause an application to execute
malicious commands (and payloads) on behalf of an
attacker.
Extended Description
Process control vulnerabilities take two forms:
1. An attacker can change the command that the program executes: the attacker explicitly controls what the command is.
2. An attacker can change the environment in which the command executes: the attacker implicitly controls what the command means.
Process control vulnerabilities of the first type occur when data enters the application from an untrusted source and is used as part of a string representing a command that the application executes. By executing the command, the application gives the attacker a privilege or capability that the attacker would not otherwise have.
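The two forms above map onto two separate controls: the program decides which executable runs (and passes untrusted data only as a validated argument, never as part of a shell string), and the program decides the environment the executable sees (rather than inheriting PATH, LD_PRELOAD and similar variables from whoever started it). The following Python is an added example written for this page, not code from the CWE entry; `TRUSTED_BIN_DIR`, `TOOL_NAME` and the argument pattern are constructed, hypothetical values.

```python
import os
import re
import subprocess

# Constructed for this example (hypothetical names, not part of the CWE entry):
# a fixed, absolute program path and a conservative pattern for the one
# user-controlled argument. The user never chooses which program runs.
TRUSTED_BIN_DIR = "/usr/bin"
TOOL_NAME = "file"
_SAFE_ARGUMENT = re.compile(r"[A-Za-z0-9._-]{1,64}")


def is_safe_argument(value: str) -> bool:
    """Accept only a short token of plain characters; reject everything else
    (whitespace, quotes, path separators, shell metacharacters, newlines)."""
    return _SAFE_ARGUMENT.fullmatch(value) is not None


def build_argv(user_filename: str) -> list:
    """Form 1: keep control of *what* command runs.

    The program is named by absolute path and the untrusted value becomes a
    separate argv element after '--', so it can only ever be an argument,
    never a different program or an option. No shell is involved.
    """
    if not is_safe_argument(user_filename):
        raise ValueError("rejected argument: %r" % (user_filename,))
    return [os.path.join(TRUSTED_BIN_DIR, TOOL_NAME), "--", user_filename]


def sanitized_env() -> dict:
    """Form 2: keep control of what the command *means*.

    Instead of inheriting the caller's environment, where PATH, LD_PRELOAD,
    LD_LIBRARY_PATH or shell variables would change how the program resolves
    code and interprets input, start from an explicit, minimal environment.
    """
    return {"PATH": TRUSTED_BIN_DIR, "LANG": "C"}


def run_tool(user_filename: str) -> subprocess.CompletedProcess:
    """Run the fixed tool on a validated filename under a clean environment."""
    return subprocess.run(
        build_argv(user_filename),
        env=sanitized_env(),
        capture_output=True,
        text=True,
        check=False,
    )


if __name__ == "__main__":
    print(run_tool("report.txt").stdout)
```

The argument check is an allowlist rather than a blocklist: anything outside a small set of characters is refused, so a new metacharacter or encoding trick does not need to be anticipated. Passing `env=` explicitly also means the tool's behaviour does not depend on how the privileged process was launched.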
Applicable Platforms
Language Class: All
Time Of Introduction
Related Attack Patterns
Common Consequences
| Scope | Technical Impact | Notes |
|---|---|---|
| Confidentiality, Integrity, Availability | Execute unauthorized code or commands | |
Detection Methods
None
Potential Mitigations
| Phase | Strategy | Description | Effectiveness | Notes |
|---|---|---|---|---|
| | | Libraries that are loaded should be well understood and come from a trusted source. The application can execute code contained in the native libraries, which often contain calls that are susceptible to other security problems, such as buffer overflows or command injection. All native libraries should be validated to determine if the application requires the use of the library. It is very difficult to determine what these native libraries actually do, and the potential for malicious code is high. In addition, the potential for an inadvertent mistake in these native libraries is also high, as many are written in C or C++ and may be susceptible to buffer overflow or race condition problems. To help prevent buffer overflow attacks, validate all input to native calls for content and length. If the native library does not come from a trusted source, review the source code of the library. The library should be built from the reviewed source before using it. | | |
Relationships
| Related CWE | Type | View | Chain |
|---|---|---|---|
| CWE-114 ChildOf CWE-896 | Category | CWE-888 | |
Demonstrative Examples (Details)
- The following code from a privileged application uses a registry
entry to determine the directory in which it is installed and loads a
library file based on a relative path from the specified
directory.
- The following code is from a web-based administration utility that
allows users access to an interface through which they can update their
profile on the system. The utility makes use of a library named liberty.dll,
which is normally found in a standard system directory.
- The following code uses System.loadLibrary() to load code from a
native library named library.dll, which is normally found in a standard
system directory.
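All three examples share the same weakness: the library is located by a name or a relative path, so where it actually comes from depends on a registry value, the working directory or the loader's search path rather than on the program. The following Python is an added example written for this page (not code from the CWE entry) of the mitigation described above: the configured install directory and library name are resolved to an absolute path that must stay inside one trusted directory, and the file is checked against a digest recorded when the reviewed source was built, before it is loaded. `TRUSTED_LIB_DIR`, `LIBRARY_MANIFEST` and the temp-file content in `self_check` are constructed, hypothetical values.

```python
import ctypes
import hashlib
import hmac
import os
import tempfile
from typing import Dict

# Constructed for this example (hypothetical values, not from the CWE entry):
# the single directory native libraries may come from, and the SHA-256 of
# each approved library, recorded when the reviewed source was built.
TRUSTED_LIB_DIR = "/opt/app/lib"
LIBRARY_MANIFEST: Dict[str, str] = {
    "library.so": "0" * 64,  # placeholder digest; a real manifest holds the real hash
}


def resolve_library_path(install_dir: str, library_name: str,
                         trusted_dir: str = TRUSTED_LIB_DIR) -> str:
    """Turn a configured install directory (say, a registry value) and a
    library name into an absolute path, or refuse.

    The name must be a bare filename, the install directory must be absolute
    (a relative one would be resolved against the working directory of
    whoever launched the privileged program), and after resolving '..' and
    symlinks the result must still sit inside the trusted directory.
    """
    if not library_name or os.path.basename(library_name) != library_name:
        raise ValueError("library name must be a bare filename: %r" % (library_name,))
    if not os.path.isabs(install_dir):
        raise ValueError("refusing relative install directory: %r" % (install_dir,))
    candidate = os.path.realpath(os.path.join(install_dir, library_name))
    trusted = os.path.realpath(trusted_dir)
    if os.path.commonpath([trusted, candidate]) != trusted:
        raise ValueError("library path escapes trusted directory: %r" % (candidate,))
    return candidate


def is_trusted_library_path(install_dir: str, library_name: str,
                            trusted_dir: str = TRUSTED_LIB_DIR) -> bool:
    """Boolean form of resolve_library_path for callers that only need a verdict."""
    try:
        resolve_library_path(install_dir, library_name, trusted_dir)
    except ValueError:
        return False
    return True


def file_sha256(path: str) -> str:
    """SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_library(path: str, library_name: str,
                   manifest: Dict[str, str] = LIBRARY_MANIFEST) -> bool:
    """True only when the file on disk matches the digest pinned for that name."""
    expected = manifest.get(library_name)
    if expected is None:
        return False
    return hmac.compare_digest(file_sha256(path), expected)


def load_native_library(install_dir: str, library_name: str,
                        trusted_dir: str = TRUSTED_LIB_DIR,
                        manifest: Dict[str, str] = LIBRARY_MANIFEST):
    """Path check, then integrity check, then (and only then) load."""
    path = resolve_library_path(install_dir, library_name, trusted_dir)
    if not verify_library(path, library_name, manifest):
        raise RuntimeError("library %s failed integrity check" % library_name)
    return ctypes.CDLL(path)


def self_check() -> bool:
    """Exercise the checks against a constructed fake library in a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:
        fake = os.path.join(tmp, "library.so")
        with open(fake, "wb") as fh:
            fh.write(b"not really a shared object")  # constructed content
        manifest = {"library.so": file_sha256(fake)}
        path = resolve_library_path(tmp, "library.so", trusted_dir=tmp)
        ok = verify_library(path, "library.so", manifest)
        tampered = verify_library(path, "library.so", {"library.so": "0" * 64})
        return ok and not tampered


if __name__ == "__main__":
    print("self check:", self_check())
```

The path check is done on the resolved path, not the configured string, so `..` components and symlinks inside the install directory cannot move the load outside `TRUSTED_LIB_DIR`. The digest check is what the mitigation text's "built from the reviewed source" amounts to in practice: the manifest is produced from that build, and a library that does not match it is never handed to the loader.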
White Box Definitions None
Black Box Definitions None
Taxonomy Mappings
| Taxonomy | Id | Name | Fit |
|---|---|---|---|
| 7 Pernicious Kingdoms | | Process Control | |
References
None