CAPEC-17 Detail

CAPEC-17

Name

Using Malicious Files

Likihood attacks

High

Typical Severity

Status

Draft

Published

2014-06-23
00h00 +00:00

Modified

2022-09-29
00h00 +00:00

Official links

CAPEC Mitre.org

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.

Notifications manage

List of Notifications

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

Specify the CAPEC ID you wish to monitor.

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

Descriptions CAPEC

An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.

Informations CAPEC

Execution Flow

1) Explore

[Determine File/Directory Configuration] The adversary looks for misconfigured files or directories on a system that might give executable access to an overly broad group of users.

Technique

Through shell access to a system, use the command "ls -l" to view permissions for files and directories.

2) Experiment

[Upload Malicious Files] If the adversary discovers a directory that has executable permissions, they will attempt to upload a malicious file to execute.

Technique

Upload a malicious file through a misconfigured FTP server.

3) Exploit

[Execute Malicious File] The adversary either executes the uploaded malicious file, or executes an existing file that has been misconfigured to allow executable access to the adversary.

Prerequisites

System's configuration must allow an attacker to directly access executable files or upload files to execute. This means that any access control system that is supposed to mediate communications between the subject and the object is set incorrectly or assumes a benign environment.

Skills Required

To identify and execute against an over-privileged system interface

Resources Required

Ability to communicate synchronously or asynchronously with server that publishes an over-privileged directory, program, or interface. Optionally, ability to capture output directly through synchronous communication or other method such as FTP.

Mitigations

Design: Enforce principle of least privilege
Design: Run server interfaces with a non-root account and/or utilize chroot jails or other configuration techniques to constrain privileges even if attacker gains some limited access to commands.
Implementation: Perform testing such as pen-testing and vulnerability scanning to identify directories, programs, and interfaces that grant direct access to executables.

Related Weaknesses

CWE-ID	Weakness Name
CWE-732	Incorrect Permission Assignment for Critical Resource The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
CWE-285	Improper Authorization The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-272	Least Privilege Violation The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.
CWE-59	Improper Link Resolution Before File Access ('Link Following') The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
CWE-282	Improper Ownership Management The product assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.
CWE-270	Privilege Context Switching Error The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.
CWE-693	Protection Mechanism Failure The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

References

REF-1

Exploiting Software: How to Break Code
G. Hoglund, G. McGraw.

Submission

Name	Organization	Date	Date release
CAPEC Content Team	The MITRE Corporation	2014-06-23 +00:00

Modifications

Name	Organization	Date	Comment
CAPEC Content Team	The MITRE Corporation	2015-12-07 +00:00	Updated Related_Attack_Patterns
CAPEC Content Team	The MITRE Corporation	2017-05-01 +00:00	Updated References
CAPEC Content Team	The MITRE Corporation	2020-07-30 +00:00	Updated Related_Attack_Patterns, Taxonomy_Mappings
CAPEC Content Team	The MITRE Corporation	2020-12-17 +00:00	Updated Related_Attack_Patterns
CAPEC Content Team	The MITRE Corporation	2021-06-24 +00:00	Updated Related_Weaknesses
CAPEC Content Team	The MITRE Corporation	2022-02-22 +00:00	Updated Description, Execution_Flow
CAPEC Content Team	The MITRE Corporation	2022-09-29 +00:00	Updated Example_Instances, Related_Attack_Patterns, Taxonomy_Mappings

CAPEC-17 Detail

CAPEC-17

Descriptions CAPEC

Informations CAPEC

Execution Flow

Prerequisites

Skills Required

Resources Required

Mitigations

Related Weaknesses

CWE-732

CWE-285

CWE-272

CWE-59

CWE-282

CWE-270

CWE-693

References

REF-1

Submission

Modifications