Read Time:33 Second

Description

The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-732
CWE-732

 

Consequences

Confidentiality, Integrity: Read Application Data, Modify Application Data

 

Potential Mitigations

CVE References

  • CVE-2002-2323
    • Incorrect ACLs used when restoring backups from directories that use symbolic links.
  • CVE-2001-1515
    • Automatic modification of permissions inherited from another file system.
  • CVE-2005-1920
    • Permissions on backup file are created with defaults, possibly less secure than original file.