CAPEC-23: File Content Injection
CAPEC版本: 3.9
更新日期: 2023-01-24
攻击模式描述
An adversary poisons files with a malicious payload (targeting the file systems accessible by the target software), which may be passed through by standard channels such as via email, and standard web content like PDF and multimedia files. The adversary exploits known vulnerabilities or handling routines in the target processes, in order to exploit the host's trust in executing remote content, including binary files.
前提条件
- The target software must consume files.
- The adversary must have access to modify files that the target software will consume.
所需技能
后果影响
影响范围: Confidentiality Integrity Availability
技术影响: Execute Unauthorized Commands
说明: Run Arbitrary Code
缓解措施
Design: Enforce principle of least privilege
Design: Validate all input for content including files. Ensure that if files and remote content must be accepted that once accepted, they are placed in a sandbox type location so that lower assurance clients cannot write up to higher assurance processes (like Web server processes for example)
Design: Execute programs with constrained privileges, so parent process does not open up further vulnerabilities. Ensure that all directories, temporary directories and files, and memory are executing with limited privileges to protect against remote execution.
Design: Proxy communication to host, so that communications are terminated at the proxy, sanitizing the requests before forwarding to server host.
Implementation: Virus scanning on host
Implementation: Host integrity monitoring for critical files, directories, and processes. The goal of host integrity monitoring is to be aware when a security issue has occurred so that incident response and other forensic activities can begin.