...
A weakness in a privileged program caused by relying on untrusted sources such as the environment (See MSC32-J. Treat the environment as untrusted Provide a trusted environment and sanitize all inputs), can result in the execution of a command or a program which has more privileges than those possessed by a typical user. This code snippet shows such a vulnerability and can be best described as a variant of OS command injection. When the single argument version of the Runtime.exec() method is invoked, the arguments are parsed by a StringTokenizer into separate tokens. Consequently, any command separators maliciously inserted into the argument will not delimit the original command and an adversary will be unable to proceed with executing arbitrary system commands. This code is however, equally vulnerable as an attacker can easily invoke an external (privileged) program, despite the presence of a security manager.
...
| Wiki Markup |
|---|
\[[OWASP 05|AA. Java References#OWASP 05]\] [Reviewing Code for OS Injection|http://www.owasp.org/index.php/Reviewing_Code_for_OS_Injection] \[[Chess 07|AA. Java References#Chess 07]\] Chapter 5: Handling Input, "Command Injection" \[[MITRE 09|AA. Java References#MITRE 09]\] [CWE ID 78|http://cwe.mitre.org/data/definitions/78.html] "Failure to Preserve OS Command Structure (aka 'OS Command Injection')" |
...
MSC32-J. Treat the environment as untrusted Provide a trusted environment and sanitize all inputs 49. Miscellaneous(MSC) 49.Miscellaneous (MSC)