sys-vuln

Outdated System Components with Known Vulnerabilities

Operating systems often use a lot of the same core software. Things like bash and gcc as well as commands like ls and grep are ubiquitous across many operating systems. Every once in a while, a vulnerability is discovered in one of these programs. Because these programs are so widespread, an attack can remain viable for years, even after updates are available.

Attack Vector

This category focuses on known vulnerabilities. The strategy for finding these vulnerabilities, therefore, is to find the software that is known to be vulnerable. There are several sources that track known vulnerabilities in different versions of software. For example, here is a list of known vulnerabilities in the bash shell.

If the vulnerable version of the software is running in the relevant environment, it should be feasible to perform the attack.

Impact

The impact can range from mild information leakage to full arbitrary code execution. The impact is decided by the nature of the vulnerability as well as the placement of the vulnerable software. Known vulnerabilities are often filed under a vulnerability category or even with an “impact score”.

Historical Attacks

One of the biggest ever ransomware attacks, WannaCry, attacked a vulnerability in Windows for which a patch had already been issued (albeit only a few months prior).

Defenses

Frequent and widespread software updates are the main defense against known vulnerabilities.
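To see which updates matter most, a host's package inventory can be compared against the fixed versions listed by a vulnerability tracker. The sketch below is an added example, not part of the original page; the inventory, the advisory entries and the `EXAMPLE-ADV-*` identifiers are constructed placeholders, and the version comparison is a simplification of real package-manager ordering rules.

```python
import re

# Constructed sample: "name<TAB>version" lines, the shape printed by
# dpkg-query -W -f='${Package}\t${Version}\n' on a Debian-style host.
INSTALLED = """\
bash\t4.3-6
grep\t3.7-1
gcc\t11.2.0-1
coreutils\t8.32-4
"""

# Constructed advisory feed: (package, first fixed version, placeholder id, severity).
ADVISORIES = [
    ("bash", "4.3-9", "EXAMPLE-ADV-0001", "critical"),
    ("grep", "3.4-1", "EXAMPLE-ADV-0002", "low"),
    ("gcc", "11.10.0-1", "EXAMPLE-ADV-0003", "medium"),
]

def version_key(version):
    """Split a version into chunks so numbers compare numerically (2 < 10).

    Simplified: ignores epochs and '~', unlike full Debian or RPM ordering.
    """
    parts = re.findall(r"\d+|[a-zA-Z]+", version)
    return [(0, int(p)) if p.isdigit() else (1, p) for p in parts]

def parse_inventory(text):
    """Return {package: version} from tab-separated inventory lines."""
    inventory = {}
    for line in text.splitlines():
        if line.strip():
            name, _, version = line.partition("\t")
            inventory[name.strip()] = version.strip()
    return inventory

def find_outdated(inventory, advisories):
    """List installed packages older than the first fixed version."""
    findings = []
    for package, fixed_in, advisory_id, severity in advisories:
        installed = inventory.get(package)
        if installed is None:
            continue  # package not present on this host
        if version_key(installed) < version_key(fixed_in):
            findings.append((package, installed, fixed_in, advisory_id, severity))
    return findings

if __name__ == "__main__":
    for finding in find_outdated(parse_inventory(INSTALLED), ADVISORIES):
        print("%s %s is older than fixed version %s (%s, %s)" % finding)
```

The gcc entry shows why versions must be compared numerically: a plain string comparison would rank 11.2.0 above 11.10.0 and miss the pending update.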

Tips for Demonstration

In order to demonstrate that you have performed this exploit you should:

  1. Identify the vulnerable software
  2. Identify and explain the known vulnerability
  3. Perform an attack on the known vulnerability
  4. Show the attack has had some effect and categorize that effect according to its severity category.

Other resources

wschor, srowley1