Description
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Modes of Introduction:
– Architecture and Design
Likelihood of Exploit: Medium
Related Weaknesses
Consequences
Access Control: Gain Privileges or Assume Identity
Potential Mitigations
Phase: Architecture and Design, Operation
Description:
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Phase: Architecture and Design
Description:
Follow the principle of least privilege when assigning access rights to entities in a software system.
Phase: Architecture and Design
Description:
Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
CVE References
- CVE-2001-1555
- Terminal privileges are not reset when a user logs out.
- CVE-2001-1514
- Does not properly pass security context to child processes in certain cases, allows privilege escalation.
- CVE-2001-0128
- Does not properly compute roles.
- CVE-1999-1193
- untrusted user placed in unix “wheel” group
- CVE-2005-2741
- Product allows users to grant themselves certain rights that can be used to escalate privileges.
- CVE-2005-2496
- Product uses group ID of a user instead of the group, causing it to run with different privileges. This is resultant from some other unknown issue.
- CVE-2004-0274
- Product mistakenly assigns a particular status to an entity, leading to increased privileges.
- CVE-2007-4217
- FTP client program on a certain OS runs with setuid privileges and has a buffer overflow. Most clients do not need extra privileges, so an overflow is not a vulnerability for those clients.
- CVE-2007-5159
- OS incorrectly installs a program with setuid privileges, allowing users to gain privileges.
- CVE-2008-4638
- Composite: application running with high privileges (CWE-250) allows user to specify a restricted file to process, which generates a parsing error that leaks the contents of the file (CWE-209).
- CVE-2007-3931
- Installation script installs some programs as setuid when they shouldn’t be.
- CVE-2002-1981
- Roles have access to dangerous procedures (Accessible entities).
- CVE-2002-1671
- Untrusted object/method gets access to clipboard (Accessible entities).
- CVE-2000-0315
- Traceroute program allows unprivileged users to modify source address of packet (Accessible entities).
- CVE-2000-0506
- User with capability can prevent setuid program from dropping privileges (Unsafe privileged actions).
More Stories
The Most Dangerous Vulnerabilities in Apache Tomcat and How to Protect Against Them
Apache Tomcat is an open-source web server and servlet container that is widely used in enterprise environments to run Java...
ZDI-CAN-18333: A Critical Zero-Day Vulnerability in Microsoft Windows
Zero-day vulnerabilities are a serious threat to cybersecurity, as they can be exploited by malicious actors to gain unauthorized access...
CWE-669 – Incorrect Resource Transfer Between Spheres
Description The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere,...
CWE-67 – Improper Handling of Windows Device Names
Description The software constructs pathnames from user input, but it does not handle or incorrectly handles a pathname containing a...
CWE-670 – Always-Incorrect Control Flow Implementation
Description The code contains a control flow path that does not reflect the algorithm that the path is intended to...
CWE-671 – Lack of Administrator Control over Security
Description The product uses security features in a way that prevents the product's administrator from tailoring security settings to reflect...