CAPEC-9: Buffer Overflow in Local Command-Line Utilities
ID
CAPEC-9
Typical Severity
High
Likelihood Of Attack
High
Status
Draft
This attack targets command-line utilities available in a number of shells. An adversary can leverage a vulnerability found in a command-line utility to escalate privilege to root.
Weaknesses
| # ID | Name | Type |
|---|---|---|
| CWE-20 | Improper Input Validation | weakness |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | weakness |
| CWE-118 | Incorrect Access of Indexable Resource ('Range Error') | weakness |
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | weakness |
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | weakness |
| CWE-680 | Integer Overflow to Buffer Overflow | weakness |
| CWE-697 | Incorrect Comparison | weakness |
| CWE-733 | Compiler Optimization Removal or Modification of Security-critical Code | weakness |