CAPEC-38 Detail

CAPEC-38

Name

Leveraging/Manipulating Configuration File Search Paths

Likihood attacks

High

Typical Severity

Status

Draft

Published

2014-06-23
00h00 +00:00

Modified

2022-09-29
00h00 +00:00

Official links

CAPEC Mitre.org

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.

Notifications manage

List of Notifications

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

Specify the CAPEC ID you wish to monitor.

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

Descriptions CAPEC

This pattern of attack sees an adversary load a malicious resource into a program's standard path so that when a known command is executed then the system instead executes the malicious component. The adversary can either modify the search path a program uses, like a PATH variable or classpath, or they can manipulate resources on the path to point to their malicious components. J2EE applications and other component based applications that are built from multiple binaries can have very long list of dependencies to execute. If one of these libraries and/or references is controllable by the attacker then application controls can be circumvented by the attacker.

Informations CAPEC

Prerequisites

The attacker must be able to write to redirect search paths on the victim host.

Skills Required

To identify and execute against an over-privileged system interface

Mitigations

Design: Enforce principle of least privilege
Design: Ensure that the program's compound parts, including all system dependencies, classpath, path, and so on, are secured to the same or higher level assurance as the program
Implementation: Host integrity monitoring

Related Weaknesses

CWE-ID	Weakness Name
CWE-426	Untrusted Search Path The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
CWE-427	Uncontrolled Search Path Element The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References

REF-1

Exploiting Software: How to Break Code
G. Hoglund, G. McGraw.

Submission

Name	Organization	Date	Date release
CAPEC Content Team	The MITRE Corporation	2014-06-23 +00:00

Modifications

Name	Organization	Date	Comment
CAPEC Content Team	The MITRE Corporation	2018-07-31 +00:00	Updated Description, Description Summary, Examples-Instances, Related_Weaknesses
CAPEC Content Team	The MITRE Corporation	2019-04-04 +00:00	Updated Related_Weaknesses
CAPEC Content Team	The MITRE Corporation	2020-07-30 +00:00	Updated Taxonomy_Mappings
CAPEC Content Team	The MITRE Corporation	2022-09-29 +00:00	Updated Example_Instances, Taxonomy_Mappings