HOME

TheInfoList



Click Here for Items Related To - remote code execution
OR:
remote code execution on:   [Wikipedia]   [Google]   [Amazon]

In
computer security Computer security, cybersecurity (cyber security), or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, t ...
, arbitrary code execution (ACE) is an attacker's ability to run any commands or code of the attacker's choice on a target machine or in a target
process A process is a series or set of activities that interact to produce a result; it may occur once-only or be recurrent or periodic. Things called a process include: Business and management *Business process, activities that produce a specific se ...
. An arbitrary code execution
vulnerability Vulnerability refers to "the quality or state of being exposed to the possibility of being attacked or harmed, either physically or emotionally." A window of vulnerability (WOV) is a time frame within which defensive measures are diminished, com ...
is a security flaw in software or hardware allowing arbitrary code execution. A program that is designed to exploit such a vulnerability is called an arbitrary code execution
exploit Exploit means to take advantage of something (a person, situation, etc.) for one's own end, especially unethically or unjustifiably. Exploit can mean: *Exploitation of natural resources *Exploit (computer security) * Video game exploit *Exploitat ...
. The ability to trigger arbitrary code execution over a network (especially via a wide-area network such as the Internet) is often referred to as remote code execution (RCE).


Vulnerability types

There are a number of classes of vulnerability that can lead to an attacker's ability to execute arbitrary commands or code. For example: * Memory safety vulnerabilities such as buffer overflows or over-reads. * Deserialization vulnerabilities * Type confusion vulnerabilities * GNU LDD arbitrary code execution


Methods

Arbitrary code execution is commonly achieved through control over the
instruction pointer The program counter (PC), commonly called the instruction pointer (IP) in Intel x86 and Itanium microprocessors, and sometimes called the instruction address register (IAR), the instruction counter, or just part of the instruction sequencer, is ...
(such as a jump or a
branch A branch, sometimes called a ramus in botany, is a woody structural member connected to the central trunk of a tree (or sometimes a shrub). Large branches are known as boughs and small branches are known as twigs. The term ''twig'' usually ...
) of a running
process A process is a series or set of activities that interact to produce a result; it may occur once-only or be recurrent or periodic. Things called a process include: Business and management *Business process, activities that produce a specific se ...
. The instruction pointer points to the next instruction in the process that will be executed. Control over the value of the instruction pointer therefore gives control over which instruction is executed next. In order to execute arbitrary code, many exploits inject code into the process (for example by sending input to it which gets stored in an input buffer in
RAM Ram, ram, or RAM may refer to: Animals * A male sheep * Ram cichlid, a freshwater tropical fish People * Ram (given name) * Ram (surname) * Ram (director) (Ramsubramaniam), an Indian Tamil film director * RAM (musician) (born 1974), Dutch * ...
) and use a vulnerability to change the instruction pointer to have it point to the injected code. The injected code will then automatically get executed. This type of attack exploits the fact that most computers (which use a
Von Neumann architecture The von Neumann architecture — also known as the von Neumann model or Princeton architecture — is a computer architecture based on a 1945 description by John von Neumann, and by others, in the '' First Draft of a Report on the EDVAC''. T ...
) do not make a general distinction between code and data, so that malicious code can be camouflaged as harmless input data. Many newer CPUs have mechanisms to make this harder, such as a no-execute bit.


Combining with privilege escalation

On its own, an arbitrary code execution exploit will give the attacker the same privileges as the target process that is vulnerable. For example, if exploiting a flaw in a
web browser A web browser is application software for accessing websites. When a user requests a web page from a particular website, the browser retrieves its files from a web server and then displays the page on the user's screen. Browsers are used o ...
, an attacker could act as the user, performing actions such as modifying personal computer files or accessing banking information, but would not be able to perform system-level actions (unless the user in question also had that access). To work around this, once an attacker can execute arbitrary code on a target, there is often an attempt at a
privilege escalation Privilege escalation is the act of exploiting a bug, a design flaw, or a configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The re ...
exploit in order to gain additional control. This may involve the
kernel Kernel may refer to: Computing * Kernel (operating system), the central component of most operating systems * Kernel (image processing), a matrix used for image convolution * Compute kernel, in GPGPU programming * Kernel method, in machine learn ...
itself or an account such as Administrator, SYSTEM, or root. With or without this enhanced control, exploits have the potential to do severe damage or turn the computer into a
zombie A zombie ( Haitian French: , ht, zonbi) is a mythological undead corporeal revenant created through the reanimation of a corpse. Zombies are most commonly found in horror and fantasy genre works. The term comes from Haitian folklore, in w ...
—but privilege escalation helps with hiding the attack from the legitimate administrator of the system.


Examples

Retrogaming Retrogaming, also known as classic gaming and old school gaming, is the current playing and collection of obsolete computer game, personal computers, video game console, consoles, and video games. Usually, retrogaming is based upon systems that ...
hobbyists have managed to find vulnerabilities in classic video games that allow them to execute arbitrary code, usually using a precise sequence of button inputs in a tool-assisted superplay to cause a
buffer overflow In information security and programming, a buffer overflow, or buffer overrun, is an anomaly whereby a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations. Buffers are areas of memo ...
, allowing them to write to
protected memory Memory protection is a way to control memory access rights on a computer, and is a part of most modern instruction set architectures and operating systems. The main purpose of memory protection is to prevent a process from accessing memory that h ...
. At Awesome Games Done Quick 2014, a group of
speedrunning Speedrunning is the act of playing a video game, or section of a video game, with the goal of completing it as fast as possible. Speedrunning often involves following planned routes, which may incorporate sequence breaking and can exploit gli ...
enthusiasts managed to code and run versions of the games ''
Pong ''Pong'' is a table tennis–themed twitch arcade sports video game, featuring simple two-dimensional graphics, manufactured by Atari and originally released in 1972. It was one of the earliest arcade video games; it was created by Allan Al ...
'' and ''
Snake Snakes are elongated, limbless, carnivorous reptiles of the suborder Serpentes . Like all other squamates, snakes are ectothermic, amniote vertebrates covered in overlapping scales. Many species of snakes have skulls with several more j ...
'' in a copy of ''
Super Mario World ''Super Mario World,'' known in Japan as is a platform video game developed and published by Nintendo for the Super Nintendo Entertainment System (SNES). It was released in Japan in 1990, North America in 1991 and Europe and Australia in 19 ...
'' by utilizing a buffer overflow to write arbitrary code to
memory Memory is the faculty of the mind by which data or information is encoded, stored, and retrieved when needed. It is the retention of information over time for the purpose of influencing future action. If past events could not be remembered ...
. On June 12, 2018, security researcher Jean-Yves Avenard of
Mozilla Mozilla (stylized as moz://a) is a free software community founded in 1998 by members of Netscape. The Mozilla community uses, develops, spreads and supports Mozilla products, thereby promoting exclusively free software and open standards, w ...
discovered an ACE vulnerability in
Windows 10 Windows 10 is a major release of Microsoft's Windows NT operating system. It is the direct successor to Windows 8.1, which was released nearly two years earlier. It was released to manufacturing on July 15, 2015, and later to retail on J ...
. On May 1, 2018, a security researcher discovered an ACE vulnerability in the
7-Zip 7-Zip is a free and open-source file archiver, a utility used to place groups of files within compressed containers known as "archives". It is developed by Igor Pavlov and was first released in 1999. 7-Zip has its own archive format called 7z, ...
file archiver.
PHP PHP is a general-purpose scripting language geared toward web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. The PHP reference implementation is now produced by The PHP Group. ...
has been the subject of numerous ACE vulnerabilities. On December 9, 2021, a RCE vulnerability called "
Log4Shell Log4Shell (CVE-2021-44228) was a zero-day vulnerability in Log4j, a popular Java logging framework, involving arbitrary code execution. The vulnerability had existed unnoticed since 2013 and was privately disclosed to the Apache Software Found ...
" was discovered in popular logging framework Log4j, affecting many services including
iCloud iCloud is a cloud service from Apple Inc. launched on October 12, 2011 as a successor to MobileMe. , the service had an estimated 850 million users, up from 782 million users in 2016. iCloud enables users to sync their data to the cloud, inclu ...
, '' Minecraft: Java Edition'' and Steam, and characterized as "the single biggest, most critical vulnerability of the last decade".


See also

* BlueKeep (security vulnerability) * Follina (security vulnerability)


References

{{DEFAULTSORT:Arbitrary Code Execution Injection exploits