Name:undocumented or unknown function exploitation
Functions not included in the
documentation or unknown to the system owners or operators are exploited to
perform undesirable actions. Examples include back doors placed in systems
to facilitate maintenance,
undocumented system calls commonly inserted by vendors to enable special
functions resulting in economic or other market advantages, and program
sequences accessible in unusual ways as a result of improperly terminated
conditionals.
Complexity: Back-doors and other intentional functions are
normally either known or not known. If they are known, the attack takes
little or no effort. Finding back-doors is probably, in general, as hard as
demonstrating program correctness or similar problems that are at least
NP-complete and may be nearly exponential depending on what has to be shown.
There is some speculation that decision and data flow analysis might lead to
the detection of such functions, but no definitive results have been
published to date.
fc@red.a.net
