Privilege escalation

From Wikipedia, the free encyclopedia

Privilege escalation is the act of exploiting a bug in an application to gain access to resources which normally would have been protected from an application or user. The result is that the application performs actions with a higher security context than intended by the application developer or system administrator.

[edit] Privilege escalation examples

Cross Zone Scripting is a type of privilege escalation attack.
A Microsoft Windows Service is usually configured run as Local System command. A vulnerability, e.g. buffer overflow or Shell Injection may be used to execute arbitrary code with privilege elevated to Local System.
In Unix it is not uncommon to have a few commands with both suid root, and world execute permissions enabled. A vulnerability, (e.g. buffer overflow or shell injection) in such a utility may be exploited by any process to execute arbitrary code with privilege elevated to root.

[edit] See also

This computer-related article is a stub. You can help Wikipedia by expanding it.

Retrieved from "http://en.wikipedia.org../../../p/r/i/Privilege_escalation.html"

Categories: Computer stubs | Security exploits | System administration

Views

Search

In other languages

This page was last modified 17:02, 12 October 2006 by Wikipedia user Tsca.bot. Based on work by Wikipedia user(s) Blathnaid, Druiloor, JonHarder, Schepers, Petri Krohn, Blaufish, Tobias Bergemann, Jebba, Joy, R. S. Shaw, Jonathunder, Demi, Trivial, Abu badali, Sietse Snel and SimonP and Anonymous user(s) of Wikipedia.
All text is available under the terms of the GNU Free Documentation License. (See Copyrights for details.)
Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc.
About Wikipedia
Disclaimers