CAPEC-45: Buffer Overflow via Symbolic Links
Description
Extended Description
The result is a window of opportunity for exploiting the product until the insecure component is discovered. This supply chain threat can result in the installation of malicious software or hardware that introduces widespread security vulnerabilities within an organization. Additionally, because software often depends upon a large number of interdependent libraries and components to be present, security holes can be introduced merely by installing Commercial off the Shelf (COTS) or Open Source Software (OSS) software that comes pre-packaged with the components required for it to operate. It is also worth noting that this attack can occur during initial product development or throughout a product's sustainment.
Severity: High
Possibility: High
Type: Detailed
Relationships with other CAPECs
This table shows the other attack patterns and high level categories that are related to this attack pattern.
Prerequisites
- The adversary can create a symbolic link on the target host.
- The target host does not perform correct boundary checking while consuming data from a resource.
Skills required
- Low: An adversary can simply overflow a buffer by inserting a long string into an adversary-modifiable injection vector. The result can be a DoS.
- High: Exploiting a buffer overflow to inject malicious code into the stack or even the heap of a software system can require a higher skill level.
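The two prerequisites combine into one defect: a privileged reader that sizes its copy by whatever resource the path resolves to, rather than by its own buffer, so a symlink pointing at a larger resource overruns the buffer. The C example below is added here and is not CAPEC's own code; it shows a hardened reader that refuses a symlink at the final path component (O_NOFOLLOW), insists on a regular file and bounds the copy, exercised on a constructed scratch directory under /tmp (the function names are hypothetical and a POSIX system is assumed).

```c
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#define CFG_BUF 64  /* size the program "knows" its config file fits in */

/* Hardened reader. The defect CAPEC-45 relies on is read(fd, buf, st.st_size)
 * or a fixed count into a smaller buffer after following a symlink; here the
 * open fails with ELOOP on a symlink, a non-regular file is rejected, and the
 * loop never writes past bufsz - 1 bytes plus the terminator. */
int read_config_bounded(const char *path, char *buf, size_t bufsz) {
    struct stat st;
    size_t total = 0;
    int fd = bufsz ? open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC) : -1;
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    while (total < bufsz - 1) {  /* leave room for the terminator */
        ssize_t n = read(fd, buf + total, bufsz - 1 - total);
        if (n < 0) { close(fd); return -1; }
        if (n == 0) break;
        total += (size_t)n;
    }
    close(fd);
    buf[total] = '\0';
    return (int)total;
}

/* Demo on constructed input: a 4 KiB file plus a symlink to it in a scratch
 * directory. Returns 0 when the hardened reader rejects the link with ELOOP
 * and truncates the direct read to CFG_BUF - 1 bytes instead of overflowing. */
int demo(void) {
    char dir[] = "/tmp/capec45_XXXXXX", big[256], link[256], buf[CFG_BUF];
    if (!mkdtemp(dir)) return -1;
    snprintf(big, sizeof big, "%s/big.conf", dir);
    snprintf(link, sizeof link, "%s/app.conf", dir);
    FILE *f = fopen(big, "w");
    if (!f) return -1;
    for (int i = 0; i < 4096; i++) fputc('A', f);  /* larger than CFG_BUF */
    fclose(f);
    if (symlink(big, link) != 0) return -1;
    int via_link = read_config_bounded(link, buf, sizeof buf);
    int err = errno;
    int direct = read_config_bounded(big, buf, sizeof buf);
    unlink(link); unlink(big); rmdir(dir);
    return (via_link == -1 && err == ELOOP && direct == CFG_BUF - 1) ? 0 : -1;
}
```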
Taxonomy mappings
Mappings to ATT&CK, OWASP and other frameworks.
Related CWE
A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.
CWE-20: Improper Input Validation
CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118: Incorrect Access of Indexable Resource ('Range Error')
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-285: Improper Authorization
CWE-302: Authentication Bypass by Assumed-Immutable Data
CWE-680: Integer Overflow to Buffer Overflow
CWE-697: Incorrect Comparison
Visit http://capec.mitre.org/ for more details.