Name |
Manipulating Writeable Configuration Files |
|
Likelyhood of attack |
Typical severity |
High |
Very High |
|
Summary |
Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users. |
Prerequisites |
Configuration files must be modifiable by the attacker |
Solutions | Design: Enforce principle of least privilege Design: Backup copies of all configuration files Implementation: Integrity monitoring for configuration files Implementation: Enforce audit logging on code and configuration promotion procedures. Implementation: Load configuration from separate process and memory space, for example a separate physical device like a CD |
Related Weaknesses |
CWE ID
|
Description
|
CWE-77 |
Improper Neutralization of Special Elements used in a Command ('Command Injection') |
CWE-99 |
Improper Control of Resource Identifiers ('Resource Injection') |
CWE-346 |
Origin Validation Error |
CWE-349 |
Acceptance of Extraneous Untrusted Data With Trusted Data |
CWE-353 |
Missing Support for Integrity Check |
CWE-354 |
Improper Validation of Integrity Check Value |
CWE-713 |
OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
Related CAPECS |
CAPEC ID
|
Description
|
CAPEC-176 |
An attacker manipulates files or settings external to a target application which affect the behavior of that application. For example, many applications use external configuration files and libraries - modification of these entities or otherwise affecting the application's ability to use them would constitute a configuration/environment manipulation attack. |
|