CWE-596 – DEPRECATED: Incorrect Semantic Object Comparison

Read Time:15 Second

Description

This weakness has been deprecated. It was poorly described and difficult to distinguish from other entries. It was also inappropriate to assign a separate ID solely because of domain-specific considerations. Its closest equivalent is CWE-1023.

Modes of Introduction:

 

 

Related Weaknesses

 

Consequences

 

Potential Mitigations

CVE References

CWE-595 – Comparison of Object References Instead of Object Contents

Read Time:38 Second

Description

The program compares object references instead of the contents of the objects themselves, preventing it from detecting equivalent objects.

For example, in Java, comparing objects using == usually produces deceptive results, since the == operator compares object references rather than values; often, this means that using == for strings is actually comparing the strings’ references, not their values.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-1025

 

Consequences

Other: Varies by Context

This weakness can lead to erroneous results that can cause unexpected application behaviors.

 

Potential Mitigations

Phase: Implementation

Description: 

In Java, use the equals() method to compare objects instead of the == operator. If using ==, it is important for performance reasons that your objects are created by a static factory, not by a constructor.

CVE References

CWE-594 – J2EE Framework: Saving Unserializable Objects to Disk

Read Time:58 Second

Description

When the J2EE container attempts to write unserializable objects to disk there is no guarantee that the process will complete successfully.

In heavy load conditions, most J2EE application frameworks flush objects to disk to manage memory requirements of incoming requests. For example, session scoped objects, and even application scoped objects, are written to disk when required. While these application frameworks do the real work of writing objects to disk, they do not enforce that those objects be serializable, thus leaving the web application vulnerable to crashes induced by serialization failure. An attacker may be able to mount a denial of service attack by sending enough requests to the server to force the web application to save objects to disk.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-710

 

Consequences

Integrity: Modify Application Data

Data represented by unserializable objects can be corrupted.

Availability: DoS: Crash, Exit, or Restart

Non-serializability of objects can lead to system crash.

 

Potential Mitigations

Phase: Architecture and Design, Implementation

Description: 

All objects that become part of session and application scope must implement the java.io.Serializable interface to ensure serializability of containing objects.

CVE References

CWE-593 – Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created

Read Time:48 Second

Description

The software modifies the SSL context after connection creation has begun.

If the program modifies the SSL_CTX object after creating SSL objects from it, there is the possibility that older SSL objects created from the original context could all be affected by that change.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-666
CWE-287

 

Consequences

Access Control: Bypass Protection Mechanism

No authentication takes place in this process, bypassing an assumed protection of encryption.

Confidentiality: Read Application Data

The encrypted communication between a user and a trusted host may be subject to a sniffing attack.

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Use a language or a library that provides a cryptography framework at a higher level of abstraction.

Phase: Implementation

Description: 

Most SSL_CTX functions have SSL counterparts that act on SSL-type objects.

Phase: Implementation

Description: 

Applications should set up an SSL_CTX completely, before creating SSL objects from it.

CVE References

CWE-591 – Sensitive Data Storage in Improperly Locked Memory

Read Time:1 Minute, 16 Second

Description

The application stores sensitive data in memory that is not locked, or that has been incorrectly locked, which might cause the memory to be written to swap files on disk by the virtual memory manager. This can make the data more accessible to external actors.

On Windows systems the VirtualLock function can lock a page of memory to ensure that it will remain present in memory and not be swapped to disk. However, on older versions of Windows, such as 95, 98, or Me, the VirtualLock() function is only a stub and provides no protection. On POSIX systems the mlock() call ensures that a page will stay resident in memory but does not guarantee that the page will not appear in the swap. Therefore, it is unsuitable for use as a protection mechanism for sensitive data. Some platforms, in particular Linux, do make the guarantee that the page will not be swapped, but this is non-standard and is not portable. Calls to mlock() also require supervisor privilege. Return values for both of these calls must be checked to ensure that the lock operation was actually successful.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-413

 

Consequences

Confidentiality: Read Application Data, Read Memory

Sensitive data that is written to a swap file may be exposed.

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Identify data that needs to be protected from swapping and choose platform-appropriate protection mechanisms.

Phase: Implementation

Description: 

Check return values to ensure locking operations are successful.

CVE References

CWE-590 – Free of Memory not on the Heap

Read Time:1 Minute, 18 Second

Description

The application calls free() on a pointer to memory that was not allocated using associated heap allocation functions such as malloc(), calloc(), or realloc().

When free() is called on an invalid pointer, the program’s memory management data structures may become corrupted. This corruption can cause the program to crash or, in some circumstances, an attacker may be able to cause free() to operate on controllable memory locations to modify critical program variables or execute code.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-762
CWE-123

 

Consequences

Integrity, Confidentiality, Availability: Execute Unauthorized Code or Commands, Modify Memory

There is the potential for arbitrary code execution with privileges of the vulnerable program via a “write, what where” primitive. If pointers to memory which hold user information are freed, a malicious user will be able to write 4 bytes anywhere in memory.

 

Potential Mitigations

Phase: Implementation

Description: 

Only free pointers that you have called malloc on previously. This is the recommended solution. Keep track of which pointers point at the beginning of valid chunks and free them only once.

Phase: Implementation

Description: 

Before freeing a pointer, the programmer should make sure that the pointer was previously allocated on the heap and that the memory belongs to the programmer. Freeing an unallocated pointer will cause undefined behavior in the program.

Phase: Architecture and Design

Description: 

Phase: Architecture and Design

Description: 

Use a language that provides abstractions for memory allocation and deallocation.

Phase: Testing

Description: 

Use a tool that dynamically detects memory management problems, such as valgrind.

CVE References

CWE-59 – Improper Link Resolution Before File Access (‘Link Following’)

Read Time:3 Minute, 28 Second

Description

The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Soft links are a UNIX term that is synonymous with simple shortcuts on windows based platforms.

Modes of Introduction:

– Implementation

 

Likelihood of Exploit: Medium

 

Related Weaknesses

CWE-706
CWE-706

 

Consequences

Confidentiality, Integrity, Access Control: Read Files or Directories, Modify Files or Directories, Bypass Protection Mechanism

An attacker may be able to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. If the files are used for a security mechanism then an attacker may be able to bypass the mechanism.

Other: Execute Unauthorized Code or Commands

Windows simple shortcuts, sometimes referred to as soft links, can be exploited remotely since a “.LNK” file can be uploaded like a normal file. This can enable remote execution.

 

Potential Mitigations

Phase: Architecture and Design

Description: 

CVE References

  • CVE-1999-1386
    • Some versions of Perl follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack.
  • CVE-2000-1178
    • Text editor follows symbolic links when creating a rescue copy during an abnormal exit, which allows local users to overwrite the files of other users.
  • CVE-2004-0217
    • Antivirus update allows local users to create or append to arbitrary files via a symlink attack on a logfile.
  • CVE-2003-0517
    • Symlink attack allows local users to overwrite files.
  • CVE-2004-0689
    • Window manager does not properly handle when certain symbolic links point to “stale” locations, which could allow local users to create or truncate arbitrary files.
  • CVE-2000-0972
    • Setuid product allows file reading by replacing a file being edited with a symlink to the targeted file, leaking the result in error messages when parsing fails.
  • CVE-2001-1494
    • Hard link attack, file overwrite; interesting because program checks against soft links
  • CVE-2002-0793
    • Hard link and possibly symbolic link following vulnerabilities in embedded operating system allow local users to overwrite arbitrary files.
  • CVE-2003-0578
    • Server creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files.
  • CVE-1999-0783
    • Operating system allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.
  • CVE-2004-1603
    • Web hosting manager follows hard links, which allows local users to read or modify arbitrary files.
  • CVE-2004-1901
    • Package listing system allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.
  • CVE-2000-0342
    • Mail client allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka “Stealth Attachment.”
  • CVE-2001-1042
    • FTP server allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.
  • CVE-2001-1043
    • FTP server allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.
  • CVE-2005-0587
    • Browser allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.
  • CVE-2003-1233
    • Rootkits can bypass file access restrictions to Windows kernel directories using NtCreateSymbolicLinkObject function to create symbolic link
  • CVE-2002-0725
    • File system allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.
  • CVE-2003-0844
    • Web server plugin allows local users to overwrite arbitrary files via a symlink attack on predictable temporary filenames.

CWE-589 – Call to Non-ubiquitous API

Read Time:44 Second

Description

The software uses an API function that does not exist on all versions of the target platform. This could cause portability problems or inconsistencies that allow denial of service or other consequences.

Some functions that offer security features supported by the OS are not available on all versions of the OS in common use. Likewise, functions are often deprecated or made obsolete for security reasons and should not be used.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-474

 

Consequences

Other: Quality Degradation

 

Potential Mitigations

Phase: Implementation

Description: 

Always test your code on any platform on which it is targeted to run on.

Phase: Testing

Description: 

Test your code on the newest and oldest platform on which it is targeted to run on.

Phase: Testing

Description: 

Develop a system to test for API functions that are not portable.

CVE References

CWE-588 – Attempt to Access Child of a Non-structure Pointer

Read Time:33 Second

Description

Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-704
CWE-758

 

Consequences

Integrity: Modify Memory

Adjacent variables in memory may be corrupted by assignments performed on fields after the cast.

Availability: DoS: Crash, Exit, or Restart

Execution may end due to a memory access error.

 

Potential Mitigations

Phase: Requirements

Description: 

The choice could be made to use a language that is not susceptible to these issues.

Phase: Implementation

Description: 

Review of type casting operations can identify locations where incompatible types are cast.

CVE References