CAPEC-40 Manipulating Writeable Terminal Devices

CAPEC ID: 40

CAPEC-40 Metadata

Likelihood of Attack

High

Typical Severity

Very High

Overview

Summary

This attack exploits terminal devices that allow themselves to be written to by other users. The attacker sends command strings to the target terminal device, hoping that the target user will hit enter and thereby execute the malicious command with their privileges. The attacker can send the results (such as copying /etc/passwd) to a known directory and collect them once the attack has succeeded.

Prerequisites

User terminals must have a permissive access control, such as world-writeable, that allows normal users to control data on other users' terminals.

Execution Flow

Step 1
Phase: Explore
Description: [Identify attacker-writable terminals] Determine if users' TTYs are writable by the attacker.
Techniques:
  • Determine the permissions for the TTYs found on the system. Any that allow user write to the TTY may be vulnerable.
  • Attempt to write to other users' TTYs. This approach could leave a trail or alert a user.

Step 2
Phase: Exploit
Description: [Execute malicious commands] Using one or more vulnerable TTYs, execute commands to achieve various impacts.
Techniques:
  • Commands that allow reading or writing end user files can be executed.

Potential Solutions / Mitigations

Design: Ensure that terminals are only writeable by named owner user and/or administrator
Design: Enforce principle of least privilege
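
One way to check the first mitigation on a Linux host is to audit the permission bits of the pseudo-terminal devices. The following is an added example, not part of the CAPEC entry; the function names, the /dev/pts default, and the expectation that group write is legitimate only for a dedicated group named "tty" are assumptions to adjust for the system being audited.

```python
import grp
import os
import stat


def classify_tty_mode(mode, group_name, expected_group="tty"):
    """Return findings for one terminal's permission bits (empty list = OK)."""
    findings = []
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    # Assumption: group write is expected only for the dedicated terminal group.
    if mode & stat.S_IWGRP and group_name != expected_group:
        findings.append(f"group-writable by '{group_name}'")
    return findings


def audit_terminals(dev_dirs=("/dev/pts",), expected_group="tty"):
    """Map each terminal device with over-permissive write bits to its findings."""
    results = {}
    for dev_dir in dev_dirs:
        try:
            names = sorted(os.listdir(dev_dir))
        except OSError:
            continue  # directory absent or unreadable on this host
        for name in names:
            if name == "ptmx":
                continue  # pty multiplexer, not a user's terminal
            path = os.path.join(dev_dir, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # terminal closed between listdir() and stat()
            if not stat.S_ISCHR(st.st_mode):
                continue  # only character devices are terminals
            try:
                group = grp.getgrgid(st.st_gid).gr_name
            except KeyError:
                group = str(st.st_gid)  # gid with no group database entry
            findings = classify_tty_mode(st.st_mode, group, expected_group)
            if findings:
                results[path] = findings
    return results


if __name__ == "__main__":
    for path, findings in audit_terminals().items():
        print(f"{path}: {', '.join(findings)}")
```

An empty result means every terminal found is writable only by its owner and, at most, the expected group.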

Related Weaknesses (CWE)

CWE ID Description
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

Related CAPECs

CAPEC ID Description
CAPEC-248 An adversary looking to execute a command of their choosing, injects new items into an existing command thus modifying interpretation away from what was intended. Commands in this context are often standalone strings that are interpreted by a downstream component and cause specific responses. This type of attack is possible when untrusted values are used to build these command strings. Weaknesses in input validation or command construction can enable the attack and lead to successful exploitation.
