Arbitrary code execution

From Wikipedia, the free encyclopedia
Cyber attack where any code can be run
"Remote code execution" redirects here. For the science fiction novel, see RCE - Remote Code Execution.

In computer security, arbitrary code execution (ACE) is an attacker's ability to run any commands or code of the attacker's choice on a target machine or in a target process.[1] An arbitrary code execution vulnerability is a security flaw in software or hardware allowing arbitrary code execution. A program that is designed to exploit such a vulnerability is called an arbitrary code execution exploit. The ability to trigger arbitrary code execution over a network (especially via a wide-area network such as the Internet) is often referred to as remote code execution (RCE or RCX).

Arbitrary code execution signifies that if someone sends a specially designed set of data to a computer, they can make it do whatever they want. Even though this particular weakness may not cause actual problems in the real world, researchers have discussed whether it suggests a natural tendency for computers to have vulnerabilities that allow unauthorized code execution.[2]

Vulnerability types


There are a number of classes of vulnerability that can lead to an attacker's ability to execute arbitrary commands or code. For example:

Methods


Arbitrary code execution is commonly achieved through control over the instruction pointer (such as a jump or a branch) of a running process. The instruction pointer points to the next instruction in the process that will be executed. Control over the value of the instruction pointer therefore gives control over which instruction is executed next. In order to execute arbitrary code, many exploits inject code into the process (for example by sending input to it which gets stored in an input buffer in RAM) and use a vulnerability to change the instruction pointer to have it point to the injected code. The injected code will then automatically get executed. This type of attack exploits the fact that most computers (which use a Von Neumann architecture) do not make a general distinction between code and data,[7][8] so that malicious code can be camouflaged as harmless input data. Many newer CPUs have mechanisms to make this harder, such as a no-execute bit.[9][10]
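The no-execute bit only helps where the operating system actually keeps writable memory non-executable. The following added example (not part of the original article) audits text in the Linux `/proc/<pid>/maps` format for mappings that are both writable and executable, which are the regions where stored input data could also be fetched as instructions. The function name `audit_maps` and both sample listings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed samples in /proc/<pid>/maps format (not captured from a real host). */
static const char SAMPLE_WX[] =
    "55d0c0a00000-55d0c0a02000 r-xp 00000000 08:01 131 /usr/bin/demo\n"
    "55d0c0c02000-55d0c0c03000 rw-p 00002000 08:01 131 /usr/bin/demo\n"
    "7f10a0000000-7f10a0021000 rwxp 00000000 00:00 0\n"
    "7ffc1e000000-7ffc1e021000 rw-p 00000000 00:00 0 [stack]\n";
static const char SAMPLE_NX[] =
    "55d0c0a00000-55d0c0a02000 r-xp 00000000 08:01 131 /usr/bin/demo\n"
    "7f10a0000000-7f10a0021000 rw-p 00000000 00:00 0\n"
    "7ffc1e000000-7ffc1e021000 rw-p 00000000 00:00 0 [stack]\n";

/* Count mappings that are writable AND executable, i.e. pages where bytes
 * stored as data could also be fetched as instructions. The label of the
 * first such mapping (its path, or "[anon]") is copied into first. */
int audit_maps(const char *text, char *first, size_t first_len)
{
    int wx = 0;
    if (first_len) first[0] = '\0';
    while (*text) {
        size_t full = strcspn(text, "\n");   /* length of the current line */
        char line[512], perms[5] = "", path[256] = "[anon]";
        size_t len = full < sizeof line ? full : sizeof line - 1;
        memcpy(line, text, len);
        line[len] = '\0';
        /* Fields: start-end perms offset dev inode [path] */
        if (sscanf(line, "%*lx-%*lx %4s %*s %*s %*s %255s", perms, path) >= 1
            && perms[1] == 'w' && perms[2] == 'x') {
            if (wx++ == 0 && first_len)
                snprintf(first, first_len, "%s", path);
        }
        text += full + (text[full] == '\n');  /* step past the newline, if any */
    }
    return wx;
}

int main(void)
{
    char label[256];
    int n = audit_maps(SAMPLE_WX, label, sizeof label);
    printf("sample with RWX anonymous mapping: %d W+X mapping(s), first: %s\n", n, label);
    n = audit_maps(SAMPLE_NX, label, sizeof label);
    printf("sample with W^X respected: %d W+X mapping(s)\n", n);
    return 0;
}
```

On a Linux host the same function can be fed the contents of `/proc/self/maps` or another process's maps file; a non-zero count identifies memory where the code/data separation described above is not enforced.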

Combining with privilege escalation

Main article: Privilege escalation

On its own, an arbitrary code execution exploit will give the attacker the same privileges as the target process that is vulnerable.[11] For example, if exploiting a flaw in a web browser, an attacker could act as the user, performing actions such as modifying personal computer files or accessing banking information, but would not be able to perform system-level actions (unless the user in question also had that access).

To work around this, once an attacker can execute arbitrary code on a target, there is often an attempt at a privilege escalation exploit in order to gain additional control. This may involve the kernel itself or an account such as Administrator, SYSTEM, or root. With or without this enhanced control, exploits have the potential to do severe damage or turn the computer into a zombie—but privilege escalation helps with hiding the attack from the legitimate administrator of the system.

Examples


Retrogaming hobbyists have managed to find vulnerabilities in classic video games that allow them to execute arbitrary code, usually using a precise sequence of button inputs in a tool-assisted superplay to cause a buffer overflow, allowing them to write to protected memory. At Awesome Games Done Quick 2014, a group of speedrunners managed to code and run versions of the games Pong, Snake and Super Mario Bros. on a copy of Super Mario World[12] by utilizing an out-of-bounds read of a function pointer that points to a user-controlled buffer to execute arbitrary code.

On June 12, 2018, Bosnian security researcher Jean-Yves Avenard of Mozilla discovered an ACE vulnerability in Windows 10.[13]

On May 1, 2018, a security researcher discovered an ACE vulnerability in the 7-Zip file archiver.[14]

PHP has been the subject of numerous ACE vulnerabilities.[15][16][17]

On December 9, 2021, an RCE vulnerability called "Log4Shell" was discovered in popular logging framework Log4j, affecting many services including iCloud, Minecraft: Java Edition and Steam, and characterized as "the single biggest, most critical vulnerability of the last decade".[18][19]


References

  1. Team, KernelCare (25 January 2021). "Remote code execution attack: what it is, how to protect your systems". blog.kernelcare.com. Retrieved 2021-09-22.
  2. Johnson, Pontus (2021). Intrinsic Propensity for Vulnerability in Computers? Arbitrary Code Execution in the Universal Turing Machine (Preprint). arXiv:2105.02124.
  3. "Deserialization of untrusted data". owasp.org.
  4. "Understanding type confusion vulnerabilities: CVE-2015-0336". microsoft.com. 18 June 2015.
  5. "Exploiting CVE-2018-19134: remote code execution through type confusion in Ghostscript". lgtm.com. 5 February 2019.
  6. "LDD arbitrary code execution".
  7. Gilreath, William F.; Laplante, Phillip A. (2003). "Evolution of Instruction Sets". Computer Architecture: A Minimalist Perspective. pp. 23–32. doi:10.1007/978-1-4615-0237-1_4. ISBN 978-1-4613-4980-8.
  8. Reilly, Edwin D. (2003). Milestones in Computer Science and Information Technology. Greenwood Publishing Group. p. 245. ISBN 9781573565219.
  9. "Tech Insight: Execute Disable Bit (XD-Bit)" (PDF). Toshiba Polska. 2005. Archived from the original (PDF) on 2018-10-31. Retrieved 2018-10-31.
  10. "AMD has you covered" (PDF). AMD. 2012. Archived from the original (PDF) on Mar 5, 2019.
  11. Winterfeld, Steve (2013). "Offensive Tactics and Procedures". The Basics of Cyber Warfare. pp. 67–82. doi:10.1016/B978-0-12-404737-2.00005-7. ISBN 978-0-12-404737-2.
  12. Orland, Kyle (14 January 2014). "How an emulator-fueled robot reprogrammed Super Mario World on the fly". Ars Technica. Retrieved 27 July 2016.
  13. "Microsoft Windows CVE-2018-8213 Arbitrary Code Execution Vulnerability". Symantec. Archived from the original on October 31, 2018. Retrieved 2018-10-31.
  14. "A Vulnerability in 7-Zip Could Allow for Arbitrary Code Execution". New York State Office of Information Technology Services. Archived from the original on 2021-08-15. Retrieved 2018-10-31.
  15. "NVD - CVE-2017-12934". nvd.nist.gov. Retrieved 2018-10-31.
  16. "File Operation Induced Unserialization via the "phar://" Stream Wrapper" (PDF). Secarma Labs. 2018.
  17. "NVD - CVE-2017-12933". nvd.nist.gov. Retrieved 2018-10-31.
  18. "Zeroday in ubiquitous Log4j tool poses a grave threat to the Internet". Ars Technica. December 9, 2021. Retrieved December 11, 2021.
  19. "Recently uncovered software flaw 'most critical vulnerability of the last decade'". The Guardian. 11 December 2021. Retrieved December 11, 2021.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Arbitrary_code_execution&oldid=1319364743"