CompTIA Security+ Exam: Vulnerabilities Exploited by Insecure File Creation

Identifying Vulnerabilities Exploited: /etc/shadow File Rewrite and Insecure File Creation


Question

After discovering the /etc/shadow file had been rewritten, a security administrator noticed an application insecurely creating files in /tmp.

Which of the following vulnerabilities has MOST likely been exploited?

Answers

Explanations


A. B. C. D.

A.

The most likely vulnerability that has been exploited in this scenario is A. Privilege escalation.

The /etc/shadow file contains password hashes for user accounts on a Linux system. If an attacker gains write access to this file, they can potentially create a new user account or modify an existing one to grant themselves elevated privileges on the system. This is known as privilege escalation.

The insecure creation of files in the /tmp directory could lead to other problems, such as resource exhaustion or denial-of-service attacks. However, given the context of the scenario, it is more likely that the two events are related: an attacker used the insecure file creation vulnerability to gain access to the system and then escalated their privileges by modifying the /etc/shadow file.

Memory leak and pointer dereference are unrelated to this scenario and are not likely to be the cause of the observed behavior. Memory leaks occur when a program does not properly manage memory resources, leading to a gradual loss of available memory. Pointer dereference refers to the process of accessing the memory location pointed to by a pointer, which can lead to program crashes or other errors if the pointer is invalid.
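The link between the two observations in the question can be seen in how the temporary file is opened. The following is an added example, not part of the original question or explanation: it contrasts an insecure create with an exclusive create inside a constructed sandbox directory. The function names, the file names `protected` and `app.tmp`, and the sandbox path are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Insecure: predictable name, reuses and truncates whatever is already there,
 * following a symlink if one was placed at that name first. */
int create_insecure(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL makes open() fail with EEXIST if the name exists at all,
 * symlinks included; O_NOFOLLOW is an extra guard on the final component. */
int create_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed sandbox: <dir>/protected holds "original" and <dir>/app.tmp is a
 * symlink to it that exists before the program runs. Returns 1 if creating
 * app.tmp with fn altered the protected file, 0 if intact, -1 on setup error. */
int clobbers_protected(int (*fn)(const char *)) {
    char dir[] = "/tmp/tmpdemo.XXXXXX", target[64], lnk[64], buf[16] = {0};
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/protected", dir);
    snprintf(lnk, sizeof lnk, "%s/app.tmp", dir);
    FILE *f = fopen(target, "w");
    if (!f || fputs("original", f) < 0 || fclose(f) != 0) return -1;
    if (symlink("protected", lnk) != 0) return -1;
    int fd = fn(lnk);                    /* the program's "temp file" open */
    if (fd >= 0) {
        if (write(fd, "scratch", 7) != 7) return -1;
        close(fd);
    }
    if (!(f = fopen(target, "r"))) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    unlink(lnk); unlink(target); rmdir(dir);
    return n != 8 || strcmp(buf, "original") != 0;
}

int main(void) {
    printf("without O_EXCL, protected file altered: %d\n", clobbers_protected(create_insecure));
    printf("with O_EXCL, protected file altered:    %d\n", clobbers_protected(create_exclusive));
    return 0;
}
```

In practice `mkstemp(3)` gives the same exclusive-create behaviour with an unpredictable name and is the usual fix for code that creates files in /tmp.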