CAPEC-CAPEC-35 - CERT CVE
Naziv

Leverage Executable Code in Non-Executable Files

Sažetak An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
Preduvjeti The attacker must have the ability to modify non-executable files consumed by the target software.
Rješenja ['Design: Enforce principle of least privilege', 'Design: Run server interfaces with a non-root account and/or utilize chroot jails or other configuration techniques to constrain privileges even if attacker gains some limited access to commands.', 'Implementation: Perform testing such as pen-testing and vulnerability scanning to identify directories, programs, and interfaces that grant direct access to executables.', 'Implementation: Implement host integrity monitoring to detect any unwanted altering of configuration files.', 'Implementation: Ensure that files that are not required to execute, such as configuration files, are not over-privileged, i.e. not allowed to execute.']