CAPEC-25 - Forced Deadlock

This attack attempts to trigger and exploit a deadlock condition in the target software to cause a denial of service. A deadlock can occur when two or more competing actions are each waiting for the other to finish, so that neither ever does. Deadlock conditions are not easy to detect.

  • Attack Methods (2)
      • Analysis
      • API Abuse
  • Purposes (1)
      • Exploitation
  • Scopes (1)
      • DoS: resource consumption (other)
          • Availability

Medium level: This type of attack may be sophisticated and require knowledge about the system's resources and APIs.

The target host has a deadlock condition. There are four conditions for a deadlock to occur, known as the Coffman conditions. [R.25.3][REF-6]

The target host exposes an API to the user.

The attacker can probe by trying to hold resources and call APIs which are directly using the same resources.

The attacker may try to find actions (threads, processes) competing for the same resources.

Step 1 -

The attacker initiates an exploratory phase to get familiar with the system.

Step 2 -

The attacker triggers a first action (such as holding a resource) and initiates a second action which will wait for the first one to finish.

Step 3 -

If the target program has a deadlock condition, the program waits indefinitely, resulting in a denial of service.


Use known algorithms to avoid deadlock conditions (for instance, non-blocking synchronization algorithms).

For competing actions, use well-known libraries which implement synchronization.
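
An added example (not part of the CAPEC entry) of the mitigations above: locks are taken in one fixed global order and with a bounded wait, which removes the circular-wait condition and turns an indefinite hang into a rejected request. `Account`, `transfer`, `acquire_ordered` and `run_opposing_transfers` are hypothetical names, and ordering by `id()` is an assumption that only holds inside a single process.

```python
import threading
import time
from contextlib import contextmanager

class LockTimeout(Exception):
    """Raised when a resource could not be obtained before the deadline."""

@contextmanager
def acquire_ordered(*locks, timeout=1.0):
    # One fixed global order (here: id()) removes the circular-wait condition.
    ordered = sorted(set(locks), key=id)
    deadline = time.monotonic() + timeout
    held = []
    try:
        for lock in ordered:
            remaining = deadline - time.monotonic()
            # Bounded wait: never block forever on a resource a caller is holding.
            if remaining <= 0 or not lock.acquire(timeout=remaining):
                raise LockTimeout("resource busy, request rejected")
            held.append(lock)
        yield
    finally:
        for lock in reversed(held):  # also runs on timeout, so nothing stays held
            lock.release()

class Account:  # hypothetical shared resource reachable through an API
    def __init__(self, balance):
        self.balance = balance
        self.lock = threading.Lock()

def transfer(src, dst, amount, timeout=1.0):
    """Return True on success, False if the locks were not obtained in time."""
    try:
        with acquire_ordered(src.lock, dst.lock, timeout=timeout):
            src.balance -= amount
            dst.balance += amount
        return True
    except LockTimeout:
        return False

def run_opposing_transfers(rounds=2000):
    # Constructed workload: two threads request the same locks in opposite order.
    a, b = Account(1000), Account(1000)
    threads = [threading.Thread(target=lambda s=s, d=d: [transfer(s, d, 1) for _ in range(rounds)],
                                daemon=True) for s, d in ((a, b), (b, a))]
    for t in threads: t.start()
    for t in threads: t.join(10)
    return (not any(t.is_alive() for t in threads), a.balance + b.balance)

if __name__ == "__main__":
    print(run_opposing_transfers())
```

If `transfer` instead acquired `src.lock` and then `dst.lock` in caller-supplied order with no timeout, the same workload could leave both threads waiting on each other indefinitely.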