Privilege escalation
From Free net encyclopedia
Revision as of 19:08, 21 April 2006; view current revision
←Older revision | Newer revision→
←Older revision | Newer revision→
Privilege escalation is the act of exploiting a bug in an application to gain access to resources which normally would have been protected from an application or user. The result is that the application performs actions with a higher security context than intended by the application developer or system administrator.
[edit]
Privilege escalation examples
- Cross Zone Scripting is a type of privilege escalation attack.
- A Microsoft Windows Service is usually configured run as Local System command. A vulnerability, e.g. buffer overflow or Shell Injection may be used to execute arbitrary code with privilege elevated to Local System.
- In Unix it is not uncommon to have a few commands with suid root. A vulnerability, e.g. Buffer Overflow or Shell Injection may be used to execute arbitrary code with privilege elevated to root.
[edit]
