Unauthorized Execution of Programs or Commands

by Thomas Gregovich.
Share
|
Homepage | Submit your article | Contact | TOS
More articles on software  

You are here: Categories » Computers and technology » Software

A perpetrator can exploit a vulnerability in a victim system that enables the perpetrator to run one or more rogue commands on that system. A clever perpetrator can then do almost anything on the compromised system. One of the most common ways to run rogue commands is to create a buffer overflow condition. A buffer overflow condition results from more input being received than there is available memory, often causing the excess input to overwrite commands in memory that are waiting to be executed. Not only can existing commands be overwritten, if done correctly, the attacker's commands will be positioned in the buffer so that they are actually executed.

One of the most common methods of running unauthorized commands on victim systems is exploiting the Berkeley Internet Name Domain server (BIND). BIND is the most commonly deployed implementation of the domain name system (DNS). DNS is an essential Internet service in that it enables systems to locate other systems simply by using hostnames (for example, system.domain.co), converting each hostname to an IP address such as 131.243.2.3 (or vice versa). Functions within certain versions of BIND, including nxt, qinv, in.named, and others, have a number of exploitable bugs that can result in outcomes such as a buffer overflow, resulting in the capability to execute commands with root (superuser) privileges. For example, some versions of BIND do not correctly validate NXT records. An attacker can consequently send a huge amount of input in these records to cause a buffer overflow and then run a rogue program at the same privilege level that the name server has.

Attackers who initiate BIND attacks seldom stop after exploiting one or more vulnerabilities. They also frequently purge system logs to cover their tracks and then (if they have not already gained root access) download and run tools to obtain a root shell. Next they run network-scanning tools to locate other systems with the same BIND vulnerabilities, and then they attack these systems in the same manner. The toll in terms of number of machines compromised within a short period of time is often very high.

BIND attacks pose a very serious risk factor because of the prevalence of BIND on the Internet. In fact, a consensus effort to determine the exploited vulnerabilities identified BIND-based attacks as the most frequent (see the next sidebar). Both Linux and UNIX systems are vulnerable to BIND attacks.

Unauthenticated remote users might also be able to run rogue code on systems that run unpatched versions of LPRng. LPRng is a frequently used software package in FreeBSD UNIX and certain versions of Linux, and it replaces the Berkeley Standard Distribution (BSD) lpd printing service. This software has a format string vulnerability, a problem caused by missing format strings in function calls. Format strings help ensure that received input is processed properly. This vulnerability enables user-supplied arguments to be passed to a susceptible function call.

Share
Leave a comment or ask a question
Total comments: 0

Software Disclaimer

  • The e-articles directory is not responsible for any and all copyright infringements by writers and authors. If you suspect the information contained by this page for any copyright infringements, please contact us to investigate the issue
Detecting SoftICE by Calling INT 3h - This is one of the most well known anti-debugging tricks, and it uses a back door in SoftICE itself. It works in all versions of Windows, and it is based on calling INT 3h with registers containing (more...)
Detecting SoftICE by Calling INT 68h - Here's a way to detect the presence of SoftICE in memory by calling INT contain the value 43h before calling INT be in the AX register. 68h. The AH register must 68h. If SoftICE is active in memor (more...)
How Can You Increase Your computer performance - Basic computer knowledge or/ and appropriate technical assistance can help you increase computer performance. Computers have become an expected supporter in this modern world. O (more...)
Detecting SoftICE by Searching Memory - This detection searches the memory in the V86 mode for the WINICE.BR string. Because this method is infrequently used, it's worth considering, though it can only be used in Windows 9x. Thi (more...)
Fight for the Future, Digital Future: Google VS Apple - We can be proud as we watch one of the greatest virtual wars unleashing at the digital market. If 15 years ago it was Apple Vs Windows confrontation, today it has slightly changed its main parties (more...)
The Beginner's Guide to iPad Video Conversion on Mac - So, you've just taken in a shiny new iPad and impressed by its beautiful display. There are several possible sources of content that you will want to convert for viewi (more...)
Touch and View: iPad application - iPad application development has become an extremely popular topic at numerous conferences and workshops since the product introduction keynote. Mobile software companies went boldly into the une (more...)
Deciding on TIFF vs. JPEG Output for Scanned Images - It can be difficult to understand which file type is best for saving your scanned images. Here's a brief breakdown of the two most common options. Preserving beloved memories is on (more...)
Photoshop Clipping Path and Masking Techniques :: Wonderful Technique to Knock Out Image Background - Graphic design is being the promotional key in every spare of business and individual life. Business organizations seek graphic tools to have publicity by dint of bill board, catalogs, magazines, w (more...)
Tips on Getting MP3 from CD as iPhone Ringtone on Mac - Many people must have favorite CDs filled with their bookcase or CD case somewhere at home due to the songs they loved while they still need to pay $0.99 each to get the same songs as their iPhone (more...)
 
free content
    Copyright © 2006 - 2012 e-articles.info.
The texts, articles and tutorials in the directory are property of their respective owners and authors.