Scope | Impact | Likelihood |
---|---|---|
Access Control; Confidentiality | Technical Impact: Gain Privileges or Assume Identity; Read Application Data; Read Files or Directories. An attacker may be able to access resources with the elevated privilege that could not be accessed with the attacker's original privileges. This is particularly likely in conjunction with another flaw, such as a buffer overflow. | |
Phases: Architecture and Design; Operation
Phase: Architecture and Design
Strategy: Separation of Privilege
Phase: Architecture and Design
Strategy: Separation of Privilege
Nature | Type | ID | Name |
---|---|---|---|
ChildOf | Class | 271 | Privilege Dropping / Lowering Errors |
MemberOf | Category | 265 | Privilege Issues |
MemberOf | Category | 1011 | Authorize Actors |
Phase | Note |
---|---|
Implementation | REALIZATION: This weakness is caused during implementation of an architectural security tactic. |
Operation | |
Languages
Class: Not Language-Specific (Undetermined Prevalence)
Example 1
The following example demonstrates the weakness.
Example 2
The following example demonstrates the weakness.
Example 3
The following code calls chroot() to restrict the application to a subset of the filesystem below APP_HOME in order to prevent an attacker from using the program to gain unauthorized access to files located elsewhere. The code then opens a file specified by the user and processes the contents of the file.
Constraining the process inside the application's home directory before opening any files is a valuable security measure. However, the absence of a call to setuid() with some non-zero value means the application is continuing to operate with unnecessary root privileges. Any successful exploit carried out by an attacker against the application can now result in a privilege escalation attack because any malicious operations will be performed with the privileges of the superuser. If the application drops to the privilege level of a non-root user, the potential for damage is substantially reduced.
Ordinality | Description |
---|---|
Primary | (where the weakness exists independent of other weaknesses) |
Automated Static Analysis - Binary or Bytecode
Effectiveness: SOAR Partial
Dynamic Analysis with Automated Results Interpretation
Effectiveness: SOAR Partial
Manual Static Analysis - Source Code
Effectiveness: High
Automated Static Analysis - Source Code
Effectiveness: SOAR Partial
Automated Static Analysis
Effectiveness: SOAR Partial
Architecture or Design Review
Effectiveness: High
Nature | Type | ID | Name |
---|---|---|---|
MemberOf | Category | 254 | 7PK - Security Features |
MemberOf | Category | 748 | CERT C Secure Coding Standard (2008) Appendix - POSIX (POS) |
MemberOf | Category | 859 | The CERT Oracle Secure Coding Standard for Java (2011) Chapter 16 - Platform Security (SEC) |
MemberOf | Category | 901 | SFP Primary Cluster: Privilege |
MemberOf | Category | 1149 | SEI CERT Oracle Secure Coding Standard for Java - Guidelines 15. Platform Security (SEC) |
MemberOf | Category | 1396 | Comprehensive Categorization: Access Control |
Usage: ALLOWED
Reason: Acceptable-Use
Rationale: This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comments: Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Other
If system privileges are not dropped when it is reasonable to do so, this is not a vulnerability by itself. According to the principle of least privilege, access should be allowed only when it is absolutely necessary to the function of a given system, and only for the minimal necessary amount of time. Any further allowance of privilege widens the window of time during which a successful exploitation of the system will provide an attacker with that same privilege. If at all possible, limit the allowance of system privilege to small, simple sections of code that may be called atomically.
When a program calls a privileged function, such as chroot(), it must first acquire root privilege. As soon as the privileged operation has completed, the program should drop root privilege and return to the privilege level of the invoking user.
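The chroot()-then-keep-running-as-root pattern that Example 3 describes, and the "do the privileged call, then return to the invoking user" rule stated above, as an added C example. This is illustrative code written for this page, not code from the CWE entry; the APP_HOME jail directory and the command-line interface are assumptions. The vulnerable and hardened forms sit side by side, and the drop routine reads the IDs back and tries to regain root so that a silently failed drop is treated as an error rather than trusted.

```c
/*
 * Added example (not from the CWE entry): a helper that confines itself with
 * chroot() and then permanently drops root to the invoking user before it
 * touches any user-supplied path. APP_HOME is an assumed jail directory.
 */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define APP_HOME "/var/lib/app"   /* assumed jail root; replace for a real deployment */

/*
 * Permanently drop to uid:gid and verify that the drop really happened.
 * Order matters: clear supplementary groups and set the gid while still
 * root, then set the uid; once the uid is unprivileged the gid calls fail.
 * Returns 0 on success, -1 on failure (errno set by the failing call).
 */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Supplementary groups first: only a privileged process can (or needs to) clear them. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    /* gid before uid: once the uid is unprivileged, changing the gid fails. */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;

    /* Never trust the drop: read the IDs back. */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    /* If the saved uid were still 0, setuid(0) would succeed and root could be regained. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* The pattern Example 3 describes: confine with chroot() but stay root. */
FILE *open_in_jail_vulnerable(const char *user_path)
{
    if (chroot(APP_HOME) != 0 || chdir("/") != 0)
        return NULL;
    /* Still euid 0: any bug in the parsing that follows is a root compromise. */
    return fopen(user_path, "r");
}

/* Hardened form: confine, then return to the invoking user before opening user input. */
FILE *open_in_jail_hardened(const char *user_path)
{
    uid_t invoking_uid = getuid();   /* real uid: the user who ran the setuid binary */
    gid_t invoking_gid = getgid();

    /* chroot() needs root, so it runs first; chdir("/") moves the cwd inside the jail. */
    if (chroot(APP_HOME) != 0 || chdir("/") != 0)
        return NULL;
    if (drop_privileges(invoking_uid, invoking_gid) != 0)
        return NULL;
    return fopen(user_path, "r");
}

int main(int argc, char **argv)
{
    char buf[4096];
    size_t n;
    FILE *f;

    if (argc != 2) {
        fprintf(stderr, "usage: %s <path relative to %s>\n", argv[0], APP_HOME);
        return 2;
    }
    /* Expected to start as root (e.g. setuid root); chroot() fails with EPERM otherwise. */
    f = open_in_jail_hardened(argv[1]);
    if (f == NULL) {
        fprintf(stderr, "open_in_jail_hardened: %s\n", strerror(errno));
        return 1;
    }
    while ((n = fread(buf, 1, sizeof buf, f)) > 0)
        fwrite(buf, 1, n, stdout);
    fclose(f);
    fprintf(stderr, "processed as uid %u, euid %u\n", (unsigned)getuid(), (unsigned)geteuid());
    return 0;
}
```

Two details in drop_privileges() are the ones audits most often find missing: the supplementary group list is cleared (a process that keeps root's groups has not really dropped), and the routine confirms that setuid(0) now fails, which catches the case where only the effective uid changed and the saved uid still allows a silent return to root. If the program is started by root itself (real uid 0), "the invoking user" is root, so a real deployment should instead drop to a dedicated unprivileged account.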
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
---|---|---|---|
7 Pernicious Kingdoms | | | Least Privilege Violation |
CLASP | | | Failure to drop privileges when reasonable |
CERT C Secure Coding | POS02-C | | Follow the principle of least privilege |
The CERT Oracle Secure Coding Standard for Java (2011) | SEC00-J | | Do not allow privileged blocks to leak sensitive information across a trust boundary |
The CERT Oracle Secure Coding Standard for Java (2011) | SEC01-J | | Do not allow tainted variables in privileged blocks |
Software Fault Patterns | SFP36 | | Privilege |
Submissions | | |
---|---|---|
Submission Date | Submitter | Organization |
2006-07-19 (CWE Draft 3, 2006-07-19) | 7 Pernicious Kingdoms | |

Modifications | | | |
---|---|---|---|
Modification Date | Modifier | Organization | Changes |
2008-07-01 | Eric Dalci | Cigital | updated Time_of_Introduction |
2008-09-08 | CWE Content Team | MITRE | updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities |
2008-10-14 | CWE Content Team | MITRE | updated Maintenance_Notes |
2008-11-24 | CWE Content Team | MITRE | updated Relationships, Taxonomy_Mappings |
2009-03-10 | CWE Content Team | MITRE | updated Demonstrative_Examples |
2009-05-27 | CWE Content Team | MITRE | updated Demonstrative_Examples |
2009-12-28 | CWE Content Team | MITRE | updated Potential_Mitigations |
2010-06-21 | CWE Content Team | MITRE | updated Potential_Mitigations |
2010-12-13 | CWE Content Team | MITRE | updated Other_Notes |
2011-06-01 | CWE Content Team | MITRE | updated Common_Consequences, Relationships, Taxonomy_Mappings |
2012-05-11 | CWE Content Team | MITRE | updated Demonstrative_Examples, Relationships, Taxonomy_Mappings |
2012-10-30 | CWE Content Team | MITRE | updated Potential_Mitigations |
2014-07-30 | CWE Content Team | MITRE | updated Detection_Factors, Taxonomy_Mappings |
2017-11-08 | CWE Content Team | MITRE | updated Applicable_Platforms, Causal_Nature, Common_Consequences, Demonstrative_Examples, Modes_of_Introduction, Relationships |
2019-01-03 | CWE Content Team | MITRE | updated Relationships, Taxonomy_Mappings |
2020-02-24 | CWE Content Team | MITRE | updated Detection_Factors, References, Relationships |
2020-12-10 | CWE Content Team | MITRE | updated Potential_Mitigations |
2021-03-15 | CWE Content Team | MITRE | updated Demonstrative_Examples |
2023-04-27 | CWE Content Team | MITRE | updated Relationships, Time_of_Introduction |
2023-06-29 | CWE Content Team | MITRE | updated Mapping_Notes |
Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2024, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.