CAPEC-69 Detail

CAPEC-69

Name

Target Programs with Elevated Privileges

Likihood attacks

High

Typical Severity

Status

Draft

Published

2014-06-23
00h00 +00:00

Modified

2021-10-21
00h00 +00:00

Official links

CAPEC Mitre.org

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.

Notifications manage

List of Notifications

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

Specify the CAPEC ID you wish to monitor.

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

Descriptions CAPEC

This attack targets programs running with elevated privileges. The adversary tries to leverage a vulnerability in the running program and get arbitrary code to execute with elevated privileges.

Informations CAPEC

Execution Flow

1) Explore

[Find programs with elevated priveleges] The adversary probes for programs running with elevated privileges.

Technique

Look for programs that write to the system directories or registry keys (such as HKLM, which stores a number of critical Windows environment variables). These programs are typically running with elevated privileges and have usually not been designed with security in mind. Such programs are excellent exploit targets because they yield lots of power when they break.

2) Explore

[Find vulnerability in running program] The adversary looks for a vulnerability in the running program that would allow for arbitrary code execution with the privilege of the running program.

Technique

Look for improper input validation
Look for improper failure safety. For instance when a program fails it may authorize restricted access to anyone.
Look for a buffer overflow which may be exploited if an adversary can inject unvalidated data.

3) Exploit

[Execute arbitrary code] The adversary exploits the vulnerability that they have found. For instance, they can try to inject and execute arbitrary code or write to OS resources.

Prerequisites

The targeted program runs with elevated OS privileges.
The targeted program accepts input data from the user or from another program.
The targeted program is giving away information about itself. Before performing such attack, an eventual attacker may need to gather information about the services running on the host target. The more the host target is verbose about the services that are running (version number of application, etc.) the more information can be gather by an attacker.
This attack often requires communicating with the host target services directly. For instance Telnet may be enough to communicate with the host target.

Skills Required

An attacker can use a tool to scan and automatically launch an attack against known issues. A tool can also repeat a sequence of instructions and try to brute force the service on the host target, an example of that would be the flooding technique.
More advanced attack may require knowledge of the protocol spoken by the host service.

Mitigations

Apply the principle of least privilege.
Validate all untrusted data.
Apply the latest patches.
Scan your services and disable the ones which are not needed and are exposed unnecessarily. Exposing programs increases the attack surface. Only expose the services which are needed and have security mechanisms such as authentication built around them.
Avoid revealing information about your system (e.g., version of the program) to anonymous users.
Make sure that your program or service fail safely. What happen if the communication protocol is interrupted suddenly? What happen if a parameter is missing? Does your system have resistance and resilience to attack? Fail safely when a resource exhaustion occurs.
If possible use a sandbox model which limits the actions that programs can take. A sandbox restricts a program to a set of privileges and commands that make it difficult or impossible for the program to cause any damage.
Check your program for buffer overflow and format String vulnerabilities which can lead to execution of malicious code.
Monitor traffic and resource usage and pay attention if resource exhaustion occurs.
Protect your log file from unauthorized modification and log forging.

Related Weaknesses

CWE-ID	Weakness Name
CWE-250	Execution with Unnecessary Privileges The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
CWE-15	External Control of System or Configuration Setting One or more system settings or configuration elements can be externally controlled by a user.

References

REF-1

Exploiting Software: How to Break Code
G. Hoglund, G. McGraw.

Submission

Name	Organization	Date	Date release
CAPEC Content Team	The MITRE Corporation	2014-06-23 +00:00

Modifications

Name	Organization	Date	Comment
CAPEC Content Team	The MITRE Corporation	2015-11-09 +00:00	Updated References
CAPEC Content Team	The MITRE Corporation	2017-01-09 +00:00	Updated Related_Attack_Patterns
CAPEC Content Team	The MITRE Corporation	2018-07-31 +00:00	Updated Attacker_Skills_or_Knowledge_Required, References
CAPEC Content Team	The MITRE Corporation	2020-07-30 +00:00	Updated Execution_Flow, Related_Attack_Patterns
CAPEC Content Team	The MITRE Corporation	2021-06-24 +00:00	Updated Related_Weaknesses
CAPEC Content Team	The MITRE Corporation	2021-10-21 +00:00	Updated Description, Execution_Flow, Prerequisites