Wikipedia

Arbitrary code execution

In computer security, arbitrary code execution (ACE) is an attacker's ability to run any commands or code of the attacker's choice on a target machine or in a target process.[1] An arbitrary code execution vulnerability is a security flaw in software or hardware allowing arbitrary code execution. A program that is designed to exploit such a vulnerability is called an arbitrary code execution exploit. The ability to trigger arbitrary code execution over a network (especially via a wide-area network such as the Internet) is often referred to as remote code execution (RCE).

Vulnerability types

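There are a number of classes of vulnerability that can lead to an attacker's ability to execute arbitrary commands or code. For example:

  - Memory safety vulnerabilities such as buffer overflows or over-reads.
  - Deserialization vulnerabilities[2]
  - Type confusion vulnerabilities[3][4]
  - GNU LDD arbitrary code execution[5]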

Methods

Arbitrary code execution is commonly achieved through control over the instruction pointer (such as a jump or a branch) of a running process. The instruction pointer points to the next instruction in the process that will be executed. Control over the value of the instruction pointer therefore gives control over which instruction is executed next. In order to execute arbitrary code, many exploits inject code into the process (for example by sending input to it which gets stored in an input buffer in RAM) and use a vulnerability to change the instruction pointer to have it point to the injected code. The injected code will then automatically get executed. This type of attack exploits the fact that most computers (which use a Von Neumann architecture) do not make a general distinction between code and data,[6][7] so that malicious code can be camouflaged as harmless input data. Many newer CPUs have mechanisms to make this harder, such as a no-execute bit.[8][9]
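On Linux, the no-execute protection mentioned above is visible as per-mapping permissions. The following C program is an added example, not part of the original article: it parses text in the /proc/<pid>/maps format and counts mappings that are both writable and executable, which is the condition under which data written into memory can also be run as code. The sample input is constructed, and the function name is chosen for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/maps format (not captured from a real host). */
static const char SAMPLE_MAPS[] =
    "55d0c0a00000-55d0c0a21000 r-xp 00000000 08:01 131 /usr/bin/demo\n"
    "55d0c0c21000-55d0c0c23000 rw-p 00021000 08:01 131 /usr/bin/demo\n"
    "7f1a2c000000-7f1a2c021000 rwxp 00000000 00:00 0 \n"
    "7ffd4e5e0000-7ffd4e601000 rw-p 00000000 00:00 0 [stack]\n";

/* Count mappings that are both writable and executable: memory where input
 * data could be stored and then run as code. If stack_exec is non-NULL it is
 * set to 1 when the [stack] mapping carries the x permission. */
int count_wx_mappings(const char *maps, int *stack_exec)
{
    int count = 0;
    if (stack_exec) *stack_exec = 0;
    while (*maps) {
        const char *eol = strchr(maps, '\n');
        size_t raw = eol ? (size_t)(eol - maps) : strlen(maps);
        size_t len = raw < 511 ? raw : 511;      /* truncate overlong lines */
        char line[512], perms[5] = "", path[256] = "";
        memcpy(line, maps, len);
        line[len] = '\0';
        /* Fields: range perms offset dev inode [path]; the path may be absent. */
        if (sscanf(line, "%*s %4s %*s %*s %*s %255s", perms, path) >= 1) {
            int w = perms[1] == 'w', x = perms[2] == 'x';
            if (w && x) count++;
            if (x && stack_exec && strcmp(path, "[stack]") == 0) *stack_exec = 1;
        }
        maps += eol ? raw + 1 : raw;
    }
    return count;
}

int main(void)
{
    static char buf[1 << 16];
    const char *text = SAMPLE_MAPS;
    int stack_exec;
    FILE *f = fopen("/proc/self/maps", "r");     /* Linux only; else use the sample */
    if (f) {
        buf[fread(buf, 1, sizeof buf - 1, f)] = '\0';
        fclose(f);
        text = buf;
    }
    printf("W+X mappings: %d\n", count_wx_mappings(text, &stack_exec));
    printf("executable stack: %s\n", stack_exec ? "yes" : "no");
    return 0;
}
```

In the constructed sample only the anonymous rwxp region is flagged; the stack and the program's data segment are writable but not executable, which is what a no-execute policy is meant to guarantee.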

Combining with privilege escalation

On its own, an arbitrary code execution exploit will give the attacker the same privileges as the target process that is vulnerable.[10] For example, if exploiting a flaw in a web browser, an attacker could act as the user, performing actions such as modifying personal computer files or accessing banking information, but would not be able to perform system-level actions (unless the user in question also had that access).

To work around this, once an attacker can execute arbitrary code on a target, there is often an attempt at a privilege escalation exploit in order to gain additional control. This may involve the kernel itself or an account such as Administrator, SYSTEM, or root. With or without this enhanced control, exploits have the potential to do severe damage or turn the computer into a zombie—but privilege escalation helps with hiding the attack from the legitimate administrator of the system.

Examples

Retrogaming hobbyists have managed to find vulnerabilities in classic video games that allow them to execute arbitrary code, usually using a precise sequence of button inputs in a tool-assisted superplay to cause a buffer overflow, allowing them to write to protected memory. At Awesome Games Done Quick 2014, a group of speedrunning enthusiasts managed to code and run versions of the games Pong and Snake in a copy of Super Mario World[11] by utilizing a buffer overflow to write arbitrary code to memory.

On June 12, 2018, security researcher Jean-Yves Avenard of Mozilla discovered an ACE vulnerability in Windows 10.[12]

On May 1, 2018, a security researcher discovered an ACE vulnerability in the 7-Zip file archiver.[13]

PHP has been the subject of numerous ACE vulnerabilities.[14][15][16]

On December 9, 2021, an RCE vulnerability called "Log4Shell" was discovered in the popular logging framework Log4j, affecting many services including iCloud, Minecraft: Java Edition and Steam, and characterized as "the single biggest, most critical vulnerability of the last decade".[17][18]

See also

  - BlueKeep
  - Follina (security vulnerability)

References

  1. Team, KernelCare (25 January 2021). "Remote code execution attack: what it is, how to protect your systems". blog.kernelcare.com. Retrieved 2021-09-22.
  2. "Deserialization of untrusted data". owasp.org.
  3. "Understanding type confusion vulnerabilities: CVE-2015-0336". microsoft.com. 18 June 2015.
  4. "Exploiting CVE-2018-19134: remote code execution through type confusion in Ghostscript". lgtm.com. 5 February 2019.
  5. "LDD arbitrary code execution".
  6. Gilreath, William F.; Laplante, Phillip A. (2003-03-31). Computer Architecture: A Minimalist Perspective. Springer Science & Business Media. ISBN 9781402074165.
  7. Reilly, Edwin D. (2003). Milestones in Computer Science and Information Technology. Greenwood Publishing Group. p. 245. ISBN 9781573565219.
  8. "Tech Insight: Execute Disable Bit (XD-Bit)" (PDF). toshiba.pl. 2005.
  9. "AMD has you covered" (PDF). amd.com. 2012.
  10. "Remote Code Execution - an overview | ScienceDirect Topics". www.sciencedirect.com. Retrieved 2021-12-05.
  11. Orland, Kyle (14 January 2014). "How an emulator-fueled robot reprogrammed Super Mario World on the fly". arstechnica.com. Retrieved 27 July 2016.
  12. "Microsoft Windows CVE-2018-8213 Arbitrary Code Execution Vulnerability | Symantec". www.symantec.com. Retrieved 2018-10-31.
  13. "A Vulnerability in 7-Zip Could Allow for Arbitrary Code Execution". New York State Office of Information Technology Services. Archived from the original on 2021-08-15. Retrieved 2018-10-31.
  14. "NVD - CVE-2017-12934". nvd.nist.gov. Retrieved 2018-10-31.
  15. "File Operation Induced Unserialization via the "phar://" Stream Wrapper" (PDF). Secarma Labs. 2018.
  16. "NVD - CVE-2017-12933". nvd.nist.gov. Retrieved 2018-10-31.
  17. "Zeroday in ubiquitous Log4j tool poses a grave threat to the Internet". Ars Technica. December 9, 2021. Retrieved December 11, 2021.
  18. "Recently uncovered software flaw 'most critical vulnerability of the last decade'". The Guardian. 11 December 2021. Retrieved December 11, 2021.
