CWE-88: Argument Injection or Modification
Argument Injection or Modification

Status: Draft
Weakness ID: 88 (Weakness Base)

Description Summary
The software does not sufficiently delimit the arguments being passed to a component in another control sphere, allowing alternate arguments to be provided, leading to potentially security-relevant changes.

Weakness Ordinalities
Primary (where the weakness exists independent of other weaknesses)

Causal Nature
Explicit (an explicit weakness resulting from behavior of the developer)

Affected Resources
System Process

Potential Mitigations
Avoid using user-controlled input in command arguments.

Assume all input is malicious. Use an appropriate combination of black lists and white lists to ensure only valid and expected input is processed by the system.

Observed Examples

| Reference | Description |
|---|---|
| Canonical Example | |
| | Argument injection vulnerability in TellMe 1.2 and earlier allows remote attackers to modify command line arguments for the Whois program and obtain sensitive information via "--" style options in the q_Host parameter. |
| | Beagle before 0.2.5 can produce certain insecure command lines to launch external helper applications while indexing, which allows attackers to execute arbitrary commands. NOTE: it is not immediately clear whether this issue involves argument injection, shell metacharacters, or other issues. |
| | Argument injection vulnerability in Internet Explorer 6 for Windows XP SP2 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API. |
| | Argument injection vulnerability in Mozilla Firefox 1.0.6 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API. |
| | Argument injection vulnerability in Avant Browser 10.1 Build 17 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API. |
| | Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches. |
| | Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI. |
| | Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability." |
| | Argument injection vulnerability in HyperAccess 8.4 allows user-assisted remote attackers to execute arbitrary vbscript and commands via the /r option in a telnet:// URI, which is configured to use hawin32.exe. |
| | Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account. |
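
The Potential Mitigations and the Whois entry under Observed Examples, as an added example that is not part of the CWE entry: a weak way and a hardened way to build the argument list for an external lookup program. It assumes the invoked program follows the POSIX convention that `--` ends option parsing; the function names and `--hypothetical-option` are illustrative placeholders.

```python
import re
import shlex

# Allowlist: DNS labels of letters, digits and inner hyphens, joined by dots.
# A label can never start with "-", so the value cannot be read as an option.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")


def naive_argv(host: str) -> list[str]:
    """Weak form: the value is pasted into a command string and then split,
    so whitespace and quotes inside it create additional arguments."""
    return shlex.split(f"whois {host}")


def safe_argv(host: str) -> list[str]:
    """Hardened form: validate against the allowlist, pass the value as one
    list element, and place it after "--" so it is treated as an operand."""
    if len(host) > 253 or not _HOSTNAME.fullmatch(host):
        raise ValueError(f"rejected host value: {host!r}")
    return ["whois", "--", host]


def classify(host: str) -> str:
    """Report whether the hardened builder accepts the value."""
    try:
        safe_argv(host)
    except ValueError:
        return "rejected"
    return "accepted"


# Constructed inputs; "--hypothetical-option" is a placeholder, not a real flag.
SAMPLES = [
    "example.org",
    "--hypothetical-option value example.org",
    "-x",
    'example.org" --hypothetical-option "',
    "sub.example.org\n--hypothetical-option",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r}: naive={naive_argv(sample)} hardened={classify(sample)}")
```

The list returned by `safe_argv` is meant to be handed to a process-spawning API that takes an argument vector without a shell, so the validated value reaches the program as exactly one argument.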

Other Notes
At one layer of abstraction, this can overlap other weaknesses that have whitespace problems, e.g. injection of JavaScript into attributes of HTML tags.

Fault: unquoted special characters, input restriction error, unquoted special terms, whitespace

References

Relationships

Taxonomy Mappings

| Mapped Taxonomy Name | Mapped Node Name |
|---|---|
| PLOVER | Argument Injection or Modification |

Applicable Platforms

Time of Introduction
Architecture and Design
Implementation

Related Attack Patterns

| CAPEC-ID | Attack Pattern Name (CAPEC Version 1.1) |
|---|---|
| 88 | OS Command Injection |
| 41 | Using Meta-characters in E-mail Headers to Inject Malicious Payloads |

Content History
Submissions
PLOVER. (Externally Mined)

Modifications
Eric Dalci. Cigital. 2008-07-01. (External) updated Time_of_Introduction
CWE Content Team. MITRE. 2008-09-08. (Internal) updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities