I’ll specifically answer how there can be gaps in code with an example:
Let’s say a server runs an imaginary OS called templeOS. It has 2 processes running:
* A process that runs commands. You see a command line, you can input commands, and it’ll do what you tell it to. Depending on the command (for example editing a file), you might need admin privileges to run a command and the process will ask for the admin password, which you do not have. Some commands (like editing a file that was marked as “editable by all users”) are allowed.
* A process that we will call “stupid”; this will be our entry point to gain access. It’s a process that every 5 minutes runs a command that’s written in a text file called “command.txt” that sits in a folder. Important: it does so with admin privileges.
Now, up until version 4.0.6, the dude who wrote “stupid” put the file with the command in a folder normal users can access and edit. He fixes that but fails to notify anyone that, up until that version, there was a vulnerability.
Once a hacker notices a server that still runs that version, he could remotely log in as a user, change the command in the folder to “give the user admin rights”, and he would effectively have control over everything.
It’s almost always the interaction of multiple processes or programs that creates gaps.
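As an added illustration (not part of the answer above, and not code from any real OS), here is what the post-4.0.6 fix to a “stupid”-style scheduler looks like in practice: before the privileged process executes anything from `command.txt`, it checks who owns the file and whether anyone other than the trusted account can write to it or its folder. The names `is_safe_command_file`, `load_command` and `demo` are hypothetical; `demo` builds a throwaway folder with a constructed command file so the check can be exercised offline.

```python
import os
import shutil
import stat
import tempfile


def is_safe_command_file(path: str, trusted_uid: int) -> tuple[bool, str]:
    """Decide whether a privileged scheduler may execute the contents of `path`.

    Returns (ok, reason). The file is accepted only if it is a regular file
    (not a symlink), it is owned by the trusted account, neither it nor its
    folder is writable by group/others, and the folder is owned by the
    trusted account (or root). This is the property the pre-4.0.6 "stupid"
    process lacked: its folder was editable by normal users.
    """
    try:
        st = os.lstat(path)  # lstat: do not follow symlinks
    except FileNotFoundError:
        return False, "command file missing"
    if stat.S_ISLNK(st.st_mode):
        return False, "command file is a symlink"
    if not stat.S_ISREG(st.st_mode):
        return False, "command file is not a regular file"
    if st.st_uid != trusted_uid:
        return False, f"command file owned by uid {st.st_uid}, expected {trusted_uid}"
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return False, "command file is writable by group or others"

    folder = os.path.dirname(os.path.abspath(path))
    fst = os.stat(folder)
    if fst.st_uid not in (trusted_uid, 0):
        return False, f"folder owned by uid {fst.st_uid}, expected {trusted_uid}"
    # A world-writable folder lets anyone replace the file, even if the file
    # itself is locked down, unless the sticky bit restricts deletion.
    if fst.st_mode & (stat.S_IWGRP | stat.S_IWOTH) and not fst.st_mode & stat.S_ISVTX:
        return False, "folder is writable by group or others"
    return True, "ok"


def load_command(path: str, trusted_uid: int) -> str:
    """Return the command text the scheduler would hand to its executor,
    or raise PermissionError if the file fails the ownership/permission check."""
    ok, reason = is_safe_command_file(path, trusted_uid)
    if not ok:
        raise PermissionError(f"refusing to run {path}: {reason}")
    with open(path, encoding="utf-8") as fh:
        return fh.read().strip()


def demo() -> dict:
    """Constructed scenario: a locked-down command file, the same file made
    world-writable, and a symlink in its place. Returns each check's verdict."""
    trusted_uid = os.getuid()  # the account the scheduler runs as
    folder = tempfile.mkdtemp()  # created with mode 0700, owned by us
    path = os.path.join(folder, "command.txt")
    results = {}
    try:
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("backup /var/data\n")  # constructed, harmless command
        os.chmod(path, 0o644)                # owner-writable only
        results["locked_down"] = is_safe_command_file(path, trusted_uid)
        results["command"] = load_command(path, trusted_uid)

        os.chmod(path, 0o666)                # the pre-4.0.6 mistake
        results["world_writable"] = is_safe_command_file(path, trusted_uid)

        os.chmod(path, 0o644)
        link = os.path.join(folder, "command-link.txt")
        os.symlink(path, link)
        results["symlink"] = is_safe_command_file(link, trusted_uid)
    finally:
        shutil.rmtree(folder, ignore_errors=True)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The point of the check is the one the answer makes: the command file is harmless on its own, and the scheduler is harmless on its own; the gap appears only when a file that unprivileged users can edit is fed into a process running with admin rights. Verifying owner and write bits on both the file and its folder (and refusing symlinks, so the check applies to the real file) closes that interaction.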