d3cfe19d7e
Co-authored-by: Marco Borgeaud <89914223+marco-antognini-sonarsource@users.noreply.github.com>
34 lines
1.4 KiB
Plaintext
34 lines
1.4 KiB
Plaintext
=== What is the potential impact?
|
|
|
|
|
|
When user-supplied values are used to manipulate environment variables,
|
|
an attacker can supply carefully chosen values that cause the system to behave unexpectedly. +
|
|
In some cases, the attacker can use this capability to execute arbitrary code on the server.
|
|
|
|
Below are some real-world scenarios that illustrate some impacts of an attacker
|
|
exploiting the vulnerability.
|
|
|
|
==== Application-specific attacks
|
|
|
|
In this scenario, the attacker manages to inject an environment variable
|
|
that is recognized and used by the remote system. For example, this could
|
|
be the secret of a particular cloud provider used in an environment variable, or `PATH`.
|
|
|
|
Depending on the application, the attacker can read or modify important
|
|
data or perform unwanted actions. +
|
|
For example, injecting data into the `HTTP_PROXY` variable could lead to data leakage.
|
|
|
|
==== Application compromise
|
|
|
|
In the worst case, an attacker manages to inject an important environment
|
|
variable such as `LD_PRELOAD` and execute code by overriding trusted code.
|
|
|
|
Depending on the attacker, code execution can be used with different
|
|
intentions:
|
|
|
|
* Download the internal server's data, most likely to sell it.
|
|
* Modify data, install malware, and for instance, malware that mines cryptocurrencies.
|
|
* Stop services or exhaust resources, for instance, with fork bombs.
|
|
|
|
This threat is particularly insidious if the attacked organization does not
|
|
maintain a Disaster Recovery Plan (DRP). |