How to exploit race conditions
Race conditions vulnerabilities can exist in applications that contain parallel processing. These vulnerabilities exist if multiple threads of execution do not interact with shared resources in a safe manner.
For example, an application containing a race condition vulnerability may have multiple threads accessing and removing elements from a shared vector. If this is the case and the application is not designed to be threadsafe, an array out-of-bound error may occur if a thread reads from an empty vector that it thought still contained at least one element.
Learn Secure Coding
Exploiting race condition vulnerabilities
Race condition vulnerabilities make an application potentially vulnerable to exploitation. This is true even if the application is not designed to be parallelized but makes use of shared resources on the computer (files and so on).
Running multiple applications in parallel
Not all applications are designed to be multithreaded. Those that are designed in this way are more likely to be designed and implemented in a threadsafe fashion, since the developer is actively thinking about parallel processing when planning and writing the code.
However, the fact that an application is not designed to be run in a parallelized fashion doesn’t mean that it can’t be. In addition to multithreading, parallel processing can occur at the process level if multiple different instances of the same application are run in parallel.
At the process level, far less is shared between different threads of execution than in a multithreaded program. However, low-level resources like the file system, peripherals and so on are shared between multiple different processes on the system.
By running multiple different instances of an application at the same time, an attacker may be able to take advantage of a race condition vulnerability that impacts these low-level components. This could cause the multiple processes to compete in a way that the developer did not anticipate and that might undermine the application’s security.
Programmatic access to an application
Supporting multiple users at once is a common use of parallel processing within an application. Each request is handled by a separate thread of execution, making it possible for the application to truly support multiple users at once.
If an application is designed in this way but not in a threadsafe fashion, then programmatic access to the application may allow an attacker to exploit a race condition vulnerability. In many cases, race conditions have a very small window for exploitation, making them difficult or impossible for a human to exploit the vulnerability. However, the use of an automated bot to interact with the application may be able to make requests close enough together to cause different threads of execution to run closely enough together to exploit the race condition vulnerability.
Using an external program to edit shared resources
Some applications are designed to use files — either temporary or permanent — to store state and data. For example, an application may store user account information in a database or write the results of a particular operation to a temporary file for future reference.
Depending upon the details of the algorithm’s implementation and permissions, this may make the application vulnerable to exploitation. Files stored on a computer’s filesystem are accessible to any application or user with the appropriate permissions. If an application manages to gain access to and modify a temporary file between an application’s initial write to the file and later read or between checking its contents and reading them in for use (time-of-check time-of-use race condition), then they may be able to control the application’s operations or gain additional permissions on the system.
Learn Secure Coding
Taking advantage of race condition vulnerabilities
Race condition vulnerabilities are most obvious if they exist because a multithreaded application is not implemented in a threadsafe manner. However, these vulnerabilities can also exist and be exploited if an application not designed to be parallelized makes use of low-level resources in an unsafe manner. All applications using shared resources need to be designed in a way that they do not trust in the integrity of these shared, untrusted resources.
Sources
- Race Condition, AppSec Knowledge Base
- Time of check to time of use (TOCTOU): A race condition, Hacker Noon
- POSIX Threads, csc.villanova.edu
Learn Secure Coding
Get hands-on experience with common coding mistakes, how they can be exploited and possible mitigations. Learn secure coding in:- Android and iOS
- C/C++, Java, .NET and PHP
- And more
In this Series
- How to exploit race conditions
- Enhancing code security: Tools and techniques for safeguarding your code
- DevSecOps Tools of the trade
- Software dependencies: The silent killer behind the world's biggest attacks
- Software composition analysis and how it can protect your supply chain
- Only 20% of new developers receive secure coding training, says report
- Introduction to Secure Software Development Life Cycle
- How to control the flow of a program in x86 assembly
- Mitigating MFA bypass attacks: 5 tips for developers
- How to diagnose and locate segmentation faults in x86 assembly
- How to use the ObjDump tool with x86
- Debugging your first x86 program
- How to build a program and execute an application entirely built in x86 assembly
- Overview of common x86 instructions
- x86 basics: Data representation, memory and information storage
- What is x86 assembly?
- Introduction to x86 assembly and syntax
- Introduction to variables
- How to mitigate Race Conditions vulnerabilities
- How to avoid Cryptography errors
- Cryptography errors Exploitation Case Study
- How to exploit Cryptography errors in applications
- Email-based attacks with Python: Phishing, email bombing and more
- Attacking Web Applications With Python: Recommended Tools
- Attacking Web Applications With Python: Exploiting Web Forms and Requests
- Attacking Web Applications With Python: Web Scraper Python
- Python for Network Penetration Testing: Best Practices and Evasion Techniques
- Python for network penetration testing: Hacking Windows domain controllers with impacket Python tools
- Python Language Basics: Variables, Lists, Loops, Functions and Conditionals
- How to Mitigate Poor HTTP Usage Vulnerabilities
- How to Exploit Poor HTTP Usage
- Introduction to HTTP (What Makes HTTP Vulnerabilities Possible)
- How to Mitigate Integer Overflow and Underflow Vulnerabilities
- How to exploit integer overflow and underflow
- Introduction to Parallel Processing
- What are Race Conditions?
- How Are Credentials Used In Applications?
- How To Exploit Least Privilege Vulnerabilities
- XSS Vulnerabilities Exploitation Case Study
- What is is integer overflow and underflow?
- SQL Injection Vulnerabilities Exploitation Case Study
- How to exploit improper error handling
- Improper Error Handling Exploitation Case Study
- Why Improper Error Handling Happens
- How to exploit CSRF Vulnerabilities
- How to mitigate CSRF Vulnerabilities
- What Causes Command Injection Vulnerabilities? (How are Data and Code Handled in Execution Environments)
- Command Injection Vulnerabilities
- Command Injection Vulnerabilities Exploitation Case Study
- How to mitigate Command Injection Vulnerabilities
- How to exploit SQL Injection Vulnerabilities
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Secure coding