Understanding the Consequences
Computer Vulnerabilities
Written by Eric Knight, C.I.S.S.P.
Last Revision: March 9, 2000
Original Publication: March 6, 2000
DRAFT
This publication is Copyright © 2000 by Eric Knight, All Rights Reserved
Any feedback can be sent to knight@securityparadigm.com
Dedication
This book is dedicated to the people that believed in vulnerabilities enough to give some of their life toward
making this book a reality:
Kevin Reynolds, William Spencer, Andrew Green, Brian Martin, Scott Chasin, and Elias Levy
And also I wish to dedicate this to my parents, Dr. Douglas Knight and Rose Marie Knight, for giving me
the freedom even at a very young age to keep an open mind and encourage me to pursue my interests,
believing that I would not let them down.
Without each of these people, all of whom have inspired me, directed me, aided me, and informed me, it is
doubtful that this book would have ever been written.
Table of Contents
INTRODUCTION
ANATOMY OF A VULNERABILITY
  Vulnerability Attributes
    Fault
    Severity
    Authentication
    Tactic
    Consequence
  Attributes and Vulnerabilities
LOGIC ERRORS
  Operating System Vulnerabilities
  Application Specific Vulnerabilities
  Network Protocol Design
  Forced Trust Violations
SOCIAL ENGINEERING
  Gaining Access
    “I forgot my password!”
    “What is your password?”
    Fishing for Information
    Trashing
    Janitorial Right
  Criminal Sabotage
    Corporate Sabotage
    Internal Sabotage
    Extortion
COMPUTER WEAKNESS
  Security through Obscurity
  Encryption
    Cryptographic Short Cuts
    Speed of Computer
    Lack of a Sufficiently Random Key
  Password Security
  Secure Hashes
  Aged Software and Hardware
  People
POLICY OVERSIGHTS
  Recovery of Data
  Recovery of Failed Hardware
  Investigation of Intruders
  Investigation of when the Company is Accused of Intruding on Others
  Prosecution of Intruders
  Prosecution of Criminal Employees
  Reporting of Intruders and Criminal Employees to the Proper Agencies
  Physical Security of the Site
  Electrical Security of the Site
  Theft of Equipment
  Theft of Software
FAULT
  Coding Faults
    Synchronization Errors
      Race Condition Errors
      Temporary File Race Condition
      Serialization Errors
      Network Packet Sequence Attacks
    Condition Validation Errors
      Failure to Handle Exceptions
      Temporary Files and Symlinks
      Usage of the mktemp() System Call
      Input Validation Error
      Buffer Overflows
      Origin Validation Error
      Broken Logic / Failure To Catch In Regression Testing
      Access Validation Error
  Emergent Faults
    Configuration Errors
      Wrong Place
      Setup Parameters
      Access Permissions
      SETUID Files In /sbin or /usr/sbin
      Log Files with World Access
      Work Directories with World Access
      Installed In Wrong Place
      Over-Optimistic Security Permissions
      Policy Error
      Backup Insecurity
    Environment Faults
      IFS Vulnerability
      Environment Variable Settings
      Shell Interpreter Vulnerabilities
  Environmental Fault Taxonomies
SEVERITY
  Administrator Access
  Read Restricted Files
  Regular User Access
  Spoofing
  Non-Detectability
  Denial of Service
TACTICS
  Physical Access
  Local Access
  Server Access
  Client Side
  Man-in-the-Middle
  Cumulative Tactics
AUTHENTICATION
  No Authorization Required
  Authorization Required
CONSEQUENCE
  Logic Interruption
    Interactive Shell
    One Time Execution of Code
    One Time Execution of a Single Command
  Reading of Files
    Reading of Any File
    Reading of a Specific Restricted File
  Writing of Files
    Overwriting Any File with Security Compromising Payload
    Overwriting Specific Files with Security Compromising Payload
    Overwriting Any File with Unusable Garbage
    Overwriting Specific Files with Unusable Garbage
  Appending to Files
    Appending Any Files with Security Compromising Payload
    Appending Specific Files with Security Compromising Payload
    Appending Any File with Unusable Garbage
    Appending Specific Files with Unusable Garbage
  Degradation of Performance
    Rendering Account(s) Unusable
    Rendering a Process Unusable
    Rendering a Subsystem Unusable
    Rendering the Computer Unusable
  Identity Modification
    Assume the Identity of Administrator
    Assume the Identity of User
    Assume the Identity of a Non-Existent User
    Assume the Identity of a Computer
    Assume the Identity of Same Computer
    Assume the Identity of a Non-Existent Computer
  Bypassing or Changing Logs
    Logs Are Not Kept of Security Important Activity
    Logs Can Be Tampered With
    Logs Can Be Disabled
  Snooping and Monitoring
    User can view a session
    User can view the exported/imported session
    User can confirm a hidden element
  Hiding Elements
    Hiding Identity
    Hiding Files
    Hiding Origin
  Environmental Consequence Taxonomy
OBJECT ORIENTED RELATIONSHIPS
APPENDIX A: EXAMPLE EFT/ECT DOCUMENT