CAPEC Details
Name Subverting Environment Variable Values
Likelyhood of attack Typical severity
High Very High
Summary The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
Prerequisites An environment variable is accessible to the user. An environment variable used by the application can be tainted with user supplied data. Input data used in an environment variable is not validated properly. The variables encapsulation is not done properly. For instance setting a variable as public in a class makes it visible and an attacker may attempt to manipulate that variable.
Execution Flow
Step Phase Description Techniques
1 Explore The attacker probes the application for information. Which version of the application is running? Are there known environment variables? etc.
2 Experiment The attacker gains control of an environment variable and ties to find out what process(es) the environment variable controls.
3 Exploit The attacker modifies the environment variable to abuse the normal flow of processes or to gain access to privileged resources.
Solutions Protect environment variables against unauthorized read and write access. Protect the configuration files which contain environment variables against illegitimate read and write access. Assume all input is malicious. Create an allowlist that defines all valid input to the software system based on the requirements specifications. Input that does not match against the allowlist should not be permitted to enter into the system. Apply the least privilege principles. If a process has no legitimate reason to read an environment variable do not give that privilege.
Related Weaknesses
CWE ID Description
CWE-15 External Control of System or Configuration Setting
CWE-20 Improper Input Validation
CWE-73 External Control of File Name or Path
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-285 Improper Authorization
CWE-302 Authentication Bypass by Assumed-Immutable Data
CWE-353 Missing Support for Integrity Check
Related CAPECS
CAPEC ID Description
CAPEC-10 This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
CAPEC-14 This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
CAPEC-77 This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An attacker can override environment variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.
Taxonomy: ATTACK
Entry ID Entry Name
1562.003 Impair Defenses:Impair Command History Logging
1574.006 Hijack Execution Flow:LD_PRELOAD
1574.007 Hijack Execution Flow:Path Interception by PATH Environment Variable