Privilege escalation

Encyclopedia : P : PR : PRI : Privilege escalation

---

Privilege escalation is the act of exploiting a bug in an application to gain access to resources which normally would have been protected from an application or user. The result is that the application performs actions with a higher security context than intended by the application developer or system administrator.

Privilege escalation examples

• Cross Zone Scripting is a type of privilege escalation attack.
• A Microsoft Windows Service is usually configured run as Local System command. A vulnerability, e.g. buffer overflow or Shell Injection may be used to execute arbitrary code with privilege elevated to Local System.
• In Unix it is not uncommon to have a few commands with both suid root, and world execute permissions enabled. A vulnerability, (e.g. buffer overflow or shell injection) in such a utility may be exploited by any process to execute arbitrary code with privilege elevated to root.

See also

• principle of least privilege
• Privilege revocation
• Defensive programming

 

---

From Wikipedia, the Free Encyclopedia. Original article here. Support Wikipedia by contributing or donating.
All text is available under the terms of the GNU Free Documentation License See Wikipedia Copyrights for details.

Search Titles

0

1

2

3

4

5

6

7

8

9

A

B

C

D

E

F

G

H

I

J

K

L

M

N

O

P

Q

R

S

T

U

V

W

X

Y

Z

?