Arbitrary Code Execution
   HOME

TheInfoList



Click Here for Items Related To - Arbitrary Code Execution
OR:
Arbitrary Code Execution on:   [Wikipedia]   [Google]   [Amazon]

In
computer security Computer security (also cybersecurity, digital security, or information technology (IT) security) is a subdiscipline within the field of information security. It consists of the protection of computer software, systems and computer network, n ...
, arbitrary code execution (ACE) is an attacker's ability to run any commands or code of the attacker's choice on a target machine or in a target
process A process is a series or set of activities that interact to produce a result; it may occur once-only or be recurrent or periodic. Things called a process include: Business and management * Business process, activities that produce a specific s ...
. An arbitrary code execution
vulnerability Vulnerability refers to "the quality or state of being exposed to the possibility of being attacked or harmed, either physically or emotionally." The understanding of social and environmental vulnerability, as a methodological approach, involves ...
is a security flaw in
software Software consists of computer programs that instruct the Execution (computing), execution of a computer. Software also includes design documents and specifications. The history of software is closely tied to the development of digital comput ...
or hardware allowing arbitrary code execution. A program that is designed to exploit such a vulnerability is called an arbitrary code execution exploit. The ability to trigger arbitrary code execution over a network (especially via a wide-area network such as the Internet) is often referred to as remote code execution (RCE or RCX). Arbitrary code execution signifies that if someone sends a specially designed set of data to a computer, they can make it do whatever they want. Even though this particular weakness may not cause actual problems in the real world, researchers have discussed whether it suggests a natural tendency for computers to have vulnerabilities that allow unauthorized code execution.


Vulnerability types

There are a number of classes of vulnerability that can lead to an attacker's ability to execute arbitrary commands or code. For example: * Memory safety vulnerabilities such as buffer overflows or over-reads. * Deserialization vulnerabilities * Type confusion vulnerabilities * GNU arbitrary code execution


Methods

Arbitrary code execution is commonly achieved through control over the
instruction pointer The program counter (PC), commonly called the instruction pointer (IP) in Intel x86 and Itanium microprocessors, and sometimes called the instruction address register (IAR), the instruction counter, or just part of the instruction sequencer, is ...
(such as a jump or a
branch A branch, also called a ramus in botany, is a stem that grows off from another stem, or when structures like veins in leaves are divided into smaller veins. History and etymology In Old English, there are numerous words for branch, includ ...
) of a running
process A process is a series or set of activities that interact to produce a result; it may occur once-only or be recurrent or periodic. Things called a process include: Business and management * Business process, activities that produce a specific s ...
. The instruction pointer points to the next instruction in the process that will be executed. Control over the value of the instruction pointer therefore gives control over which instruction is executed next. In order to execute arbitrary code, many exploits inject code into the process (for example by sending input to it which gets stored in an input buffer in
RAM Ram, ram, or RAM most commonly refers to: * A male sheep * Random-access memory, computer memory * Ram Trucks, US, since 2009 ** List of vehicles named Dodge Ram, trucks and vans ** Ram Pickup, produced by Ram Trucks Ram, ram, or RAM may also ref ...
) and use a vulnerability to change the instruction pointer to have it point to the injected code. The injected code will then automatically get executed. This type of attack exploits the fact that most computers (which use a
Von Neumann architecture The von Neumann architecture—also known as the von Neumann model or Princeton architecture—is a computer architecture based on the '' First Draft of a Report on the EDVAC'', written by John von Neumann in 1945, describing designs discus ...
) do not make a general distinction between code and data, so that malicious code can be camouflaged as harmless input data. Many newer CPUs have mechanisms to make this harder, such as a no-execute bit.


Combining with privilege escalation

On its own, an arbitrary code execution exploit will give the attacker the same privileges as the target process that is vulnerable. For example, if exploiting a flaw in a
web browser A web browser, often shortened to browser, is an application for accessing websites. When a user requests a web page from a particular website, the browser retrieves its files from a web server and then displays the page on the user's scr ...
, an attacker could act as the user, performing actions such as modifying personal computer files or accessing banking information, but would not be able to perform system-level actions (unless the user in question also had that access). To work around this, once an attacker can execute arbitrary code on a target, there is often an attempt at a
privilege escalation Privilege escalation is the act of exploiting a Software bug, bug, a Product defect, design flaw, or a configuration oversight in an operating system or software application to gain elevated access to resource (computer science), resources that ar ...
exploit in order to gain additional control. This may involve the kernel itself or an account such as Administrator, SYSTEM, or root. With or without this enhanced control, exploits have the potential to do severe damage or turn the computer into a
zombie A zombie (Haitian French: ; ; Kikongo: ''zumbi'') is a mythological undead corporeal revenant created through the reanimation of a corpse. In modern popular culture, zombies appear in horror genre works. The term comes from Haitian folkl ...
—but privilege escalation helps with hiding the attack from the legitimate administrator of the system.


Examples

Retrogaming Retro gaming, also known as classic gaming and old school gaming, is the playing and collection of computer game, personal computers, video game console, consoles, and video games from earlier decades. Usually, retro gaming is based upon syste ...
hobbyists have managed to find vulnerabilities in classic video games that allow them to execute arbitrary code, usually using a precise sequence of button inputs in a tool-assisted superplay to cause a buffer overflow, allowing them to write to protected memory. At Awesome Games Done Quick 2014, a group of speedrunners managed to code and run versions of the games ''
Pong ''Pong'' is a 1972 sports video game developed and published by Atari for arcades. It is one of the earliest arcade video games; it was created by Allan Alcorn as a training exercise assigned to him by Atari co-founder Nolan Bushnell, but B ...
'', ''
Snake Snakes are elongated limbless reptiles of the suborder Serpentes (). Cladistically squamates, snakes are ectothermic, amniote vertebrates covered in overlapping scales much like other members of the group. Many species of snakes have s ...
'' and '' Super Mario Bros.'' on a copy of ''
Super Mario World ''Super Mario World'', known in Japan as '' is a 1990 platform game developed by Nintendo EAD and published by Nintendo for the Super Nintendo Entertainment System (SNES). The player controls Mario on his quest to save Princess Peach and Dino ...
'' by utilizing an out-of-bounds read of a function pointer that points to a user controlled buffer to execute arbitrary code. On June 12, 2018, Bosnian security researcher Jean-Yves Avenard of
Mozilla Mozilla is a free software community founded in 1998 by members of Netscape. The Mozilla community uses, develops, publishes and supports Mozilla products, thereby promoting free software and open standards. The community is supported institution ...
discovered an ACE vulnerability in
Windows 10 Windows 10 is a major release of Microsoft's Windows NT operating system. The successor to Windows 8.1, it was Software release cycle#Release to manufacturing (RTM), released to manufacturing on July 15, 2015, and later to retail on July 2 ...
. On May 1, 2018, a security researcher discovered an ACE vulnerability in the
7-Zip 7-Zip is a free and open-source file archiver, a utility used to place groups of files within compressed containers known as "archives". It is developed by Igor Pavlov and was first released in 1999. 7-Zip has its own Archive file, archive forma ...
file archiver In computing, a file archiver is utility software that combines computer file, files into a single archive file or in less common cases, multiple files. A minimally designed archiver might concatenate the content of files along with file file n ...
.
PHP PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. The PHP reference implementation is now produced by the PHP Group. ...
has been the subject of numerous ACE vulnerabilities. On December 9, 2021, an RCE vulnerability called "
Log4Shell Log4Shell (CVE-2021-44228) is a zero-day vulnerability reported in November 2021 in Log4j, a popular Java logging framework, involving arbitrary code execution. The vulnerability had existed unnoticed since 2013 and was privately disclosed t ...
" was discovered in popular
logging Logging is the process of cutting, processing, and moving trees to a location for transport. It may include skidder, skidding, on-site processing, and loading of trees or trunk (botany), logs onto logging truck, trucksLog4j, affecting many services including
iCloud iCloud is the personal cloud service of Apple Inc. Launched on October 12, 2011, iCloud enables users to store and Data synchronization, sync data across devices, including Apple Mail, Calendar (Apple), Apple Calendar, Photos (Apple), Apple Ph ...
, '' Minecraft: Java Edition'' and
Steam Steam is water vapor, often mixed with air or an aerosol of liquid water droplets. This may occur due to evaporation or due to boiling, where heat is applied until water reaches the enthalpy of vaporization. Saturated or superheated steam is inv ...
, and characterized as "the single biggest, most critical vulnerability of the last decade".


See also

*
Computer security Computer security (also cybersecurity, digital security, or information technology (IT) security) is a subdiscipline within the field of information security. It consists of the protection of computer software, systems and computer network, n ...
* BlueKeep * Follina (security vulnerability)


References


Further reading

* * * {{DEFAULTSORT:Arbitrary Code Execution Injection exploits