CAPEC-88

OS Command Injection
Likelihood of Attack: HIGH
Typical Severity: HIGH
Status: Draft
Submitted: 2014-06-23 00:00 +00:00
Last modified: 2021-06-24 00:00 +00:00


Description

In this type of an attack, an adversary injects operating system commands into existing application functions. An application that uses untrusted input to build command strings is vulnerable. An adversary can leverage OS command injection in an application to elevate privileges, execute arbitrary commands and compromise the underlying operating system.

Information

Execution Flow

1) Explore

[Identify inputs for OS commands] The attacker determines user controllable input that gets passed as part of a command to the underlying operating system.

Technique
  • Port mapping. Identify ports that the system is listening on, and attempt to identify inputs and protocol types on those ports.
  • TCP/IP fingerprinting. The attacker uses various software to make connections or partial connections and observe idiosyncratic responses from the operating system. Using those responses, they attempt to guess the actual operating system.
  • Induce errors to find informative error messages.

2) Explore

[Survey the Application] The attacker surveys the target application, possibly as a valid and authenticated user.

Technique
  • Spidering web sites for all available links
  • Inventory all application inputs

3) Experiment

[Vary inputs, looking for malicious results.] Depending on whether the application being exploited is a remote or local one, the attacker crafts the appropriate malicious input, containing OS commands, to be passed to the application.

Technique
  • Inject command delimiters using network packet injection tools (netcat, nemesis, etc.)
  • Inject command delimiters using web test frameworks (proxies, TamperData, custom programs, etc.)

4) Exploit

[Execute malicious commands] The attacker may steal information, install a back door access mechanism, elevate privileges or compromise the system in some other way.

Technique
  • The attacker executes a command that stores sensitive information into a location where they can retrieve it later (perhaps using a different command injection).

Prerequisites

User controllable input used as part of commands to the underlying operating system.

Skills Required

The attacker needs to have knowledge of not only the application to exploit but also the exact nature of commands that pertain to the target operating system. This may involve, though not always, knowledge of specific assembly commands for the platform.

Mitigations

  • Use language APIs rather than relying on passing data to the operating system shell or command line. Doing so ensures that the available protection mechanisms in the language are intact and applicable.
  • Filter all incoming data to escape or remove characters or strings that can be potentially misinterpreted as operating system or shell commands.
  • All application processes should be run with the minimal privileges required. Also, processes must shed privileges as soon as they no longer require them.
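The first two mitigations side by side, as an added example (not part of the CAPEC entry or of any MITRE code): a CWE-78 string build that a shell would parse, next to a hardened version that allowlists the hostname and invokes the program through an argv list so no shell is involved. The `ping` command, the hostname allowlist and the constructed sample inputs are assumptions chosen for illustration; the vulnerable string is only built, never run, and the argv check runs the Python interpreter itself so it works offline.

```python
import re
import subprocess
import sys
from typing import List

# Constructed sample inputs (not from the CAPEC entry).
BENIGN_HOST = "example.com"
HOSTILE_HOST = "example.com; id"   # carries a shell command separator
OPTION_HOST = "-c9999"             # looks like a command-line option (CWE-88 argument injection)

# Assumed allowlist for a DNS hostname: labels of letters, digits and hyphens,
# joined by dots, no label starting or ending with a hyphen.
HOSTNAME_RE = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def build_vulnerable_command(host: str) -> str:
    """CWE-78 pattern: untrusted input concatenated into one string that a
    shell (subprocess.run(..., shell=True), os.system) would parse. Returned
    rather than executed so the resulting command can be inspected."""
    return f"ping -c 1 {host}"


def is_valid_hostname(host: str) -> bool:
    """Mitigation 2: reject anything outside the allowlist instead of trying
    to strip individual metacharacters."""
    return HOSTNAME_RE.fullmatch(host) is not None


def build_hardened_argv(host: str) -> List[str]:
    """Mitigation 1: pass the program its arguments as a list, so the value
    is one argv element and never shell-parsed. The '--' stops ping from
    treating a leading '-' in the value as an option (argument injection)."""
    if not is_valid_hostname(host):
        raise ValueError("rejected hostname: %r" % host)
    return ["ping", "-c", "1", "--", host]


def hardened_rejects(host: str) -> bool:
    """True if the hardened builder refuses the input."""
    try:
        build_hardened_argv(host)
    except ValueError:
        return True
    return False


def echo_argument(value: str) -> str:
    """Show that without a shell the child process receives the raw value
    as a single argument: run the current interpreter with a one-line
    script that prints sys.argv[1] exactly as it was received."""
    proc = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1], end='')", value],
        capture_output=True,
        text=True,
        check=True,
    )
    return proc.stdout


if __name__ == "__main__":
    print("vulnerable string:", build_vulnerable_command(HOSTILE_HOST))
    print("hardened argv:    ", build_hardened_argv(BENIGN_HOST))
    print("hostile rejected: ", hardened_rejects(HOSTILE_HOST))
    print("child saw:        ", repr(echo_argument(HOSTILE_HOST)))
```

Running it shows the vulnerable string `ping -c 1 example.com; id`, which a shell would split into two commands, while the argv route delivers `example.com; id` to the child as one literal argument and the allowlist refuses it before any process is started. The `--` separator addresses the related CWE-88 case where a value such as `-c9999` would otherwise be read as an option.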

Related Weaknesses

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
  The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.
CWE-20: Improper Input Validation
  The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-697: Incorrect Comparison
  The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

References

REF-543

Secunia Advisory SA16869: Firefox Command Line URL Shell Command Injection
http://secunia.com/advisories/16869/

Submission

Name: CAPEC Content Team
Organization: The MITRE Corporation
Submission Date: 2014-06-23 +00:00

Modifications

Name: CAPEC Content Team (The MITRE Corporation)
  • 2020-07-30 +00:00: Updated Execution_Flow
  • 2020-12-17 +00:00: Updated Taxonomy_Mappings
  • 2021-06-24 +00:00: Updated Execution_Flow, Related_Weaknesses