CAPEC-40

Standard Abstraction Level
Meta — Very abstract, high-level category
Standard — Specific enough to understand
Detailed — Tied to specific technique
Draft MITRE CAPEC Status
Stable — Fully reviewed and complete
Draft — Under development
Incomplete — Partially defined
Deprecated — No longer recommended
Obsolete — Replaced by another CAPEC
Likelihood: High Severity: Very High
Manipulating Writeable Terminal Devices

Description

This attack exploits terminal devices that allow themselves to be written to by other users. The attacker sends command strings to the target terminal device hoping that the target user will hit enter and thereby execute the malicious command with their privileges. The attacker can send the results (such as copying /etc/passwd) to a known directory and collect once the attack has succeeded.

Prerequisites

User terminals must have a permissive access control such as world writeable that allows normal users to control data on other user's terminals.

Mitigations

Design: Ensure that terminals are only writeable by named owner user and/or administrator

Design: Enforce principle of least privilege

Skills Required

[Low] Ability to discover permissions on terminal devices. Of course, brute force can also be used.