CAPEC-10 Détail

CAPEC-10

Nom

Buffer Overflow via Environment Variables

Probabilité d'attaque

Haute

Gravité typique

Haute

Statut

Draft

Publié

2014-06-23
00h00 +00:00

Modifié

2022-09-29
00h00 +00:00

Liens officiels

CAPEC Mitre.org

Alerte pour un CAPEC

Restez informé de toutes modifications pour un CAPEC spécifique.

Gestion des notifications

Liste des Notifications

Alerte pour un CAPEC

Restez informé de toutes modifications pour un CAPEC spécifique.

Paramètres

Vous pouvez spécifier un titre qui sera récupéré dans les alertes qui seront envoyées.

Spécifiez le CAPEC ID que vous désirez surveiller.

Planifications

Mois

Prochaine exécution calculée

Jour

Jour de la semaine

Heure

Minute

Date de création

Dernière exécution

Prochaine exécution

Fonctionnalité nécessitant une connexion

Cette fonctionnalité qui vous permet de recevoir des alertes, n'est active que lorsque vous êtes connecté à votre compte.

Descriptions du CAPEC

This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the adversary finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.

Informations du CAPEC

Flux d'exécution

1) Explore

[Identify target application] The adversary identifies a target application or program to perform the buffer overflow on. In this attack the adversary looks for an application that loads the content of an environment variable into a buffer.

2) Experiment

[Find injection vector] The adversary identifies an injection vector to deliver the excessive content to the targeted application's buffer.

Technique

Change the values of environment variables thought to be used by the application to contain excessive data. If the program is loading the value of the environment variable into a buffer, this could cause a crash and an attack vector will be found.

3) Experiment

[Craft overflow content] The adversary crafts the content to be injected. If the intent is to simply cause the software to crash, the content need only consist of an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary crafts the payload in such a way that the overwritten return address is replaced with one of the adversary's choosing.

Technique

Create malicious shellcode that will execute when the program execution is returned to it.
Use a NOP-sled in the overflow content to more easily "slide" into the malicious code. This is done so that the exact return address need not be correct, only in the range of all of the NOPs

4) Exploit

[Overflow the buffer] Using the injection vector, the adversary injects the crafted overflow content into the buffer.

Conditions préalables

The application uses environment variables.
An environment variable exposed to the user is vulnerable to a buffer overflow.
The vulnerable environment variable uses untrusted data.
Tainted data used in the environment variables is not properly validated. For instance boundary checking is not done before copying the input data to a buffer.

Compétences requises

An attacker can simply overflow a buffer by inserting a long string into an attacker-modifiable injection vector. The result can be a DoS.
Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap can require a higher skill level.

Atténuations

Do not expose environment variable to the user.
Do not use untrusted data in your environment variables.
Use a language or compiler that performs automatic bounds checking
There are tools such as Sharefuzz [REF-2] which is an environment variable fuzzer for Unix that support loading a shared library. You can use Sharefuzz to determine if you are exposing an environment variable vulnerable to buffer overflow.

Faiblesses connexes

CWE-ID	Nom de la faiblesse
CWE-120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
CWE-302	Authentication Bypass by Assumed-Immutable Data The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.
CWE-118	Incorrect Access of Indexable Resource ('Range Error') The product does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files.
CWE-119	Improper Restriction of Operations within the Bounds of a Memory Buffer The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-74	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
CWE-99	Improper Control of Resource Identifiers ('Resource Injection') The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.
CWE-20	Improper Input Validation The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-680	Integer Overflow to Buffer Overflow The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.
CWE-733	Compiler Optimization Removal or Modification of Security-critical Code The developer builds a security-critical protection mechanism into the software, but the compiler optimizes the program such that the mechanism is removed or modified.
CWE-697	Incorrect Comparison The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

Références

REF-1

Exploiting Software: How to Break Code
G. Hoglund, G. McGraw.

REF-2

Sharefuzz
http://sharefuzz.sourceforge.net

Soumission

Nom	Organisation	Date	Date de publication
CAPEC Content Team	The MITRE Corporation	2014-06-23 +00:00

Modifications

Nom	Organisation	Date	Commentaire
CAPEC Content Team	The MITRE Corporation	2017-01-09 +00:00	Updated Related_Attack_Patterns
CAPEC Content Team	The MITRE Corporation	2018-07-31 +00:00	Updated References
CAPEC Content Team	The MITRE Corporation	2020-07-30 +00:00	Updated Mitigations
CAPEC Content Team	The MITRE Corporation	2020-12-17 +00:00	Updated Taxonomy_Mappings
CAPEC Content Team	The MITRE Corporation	2021-10-21 +00:00	Updated Execution_Flow, Extended_Description
CAPEC Content Team	The MITRE Corporation	2022-02-22 +00:00	Updated Description
CAPEC Content Team	The MITRE Corporation	2022-09-29 +00:00	Updated Example_Instances

Détail du CAPEC-10