Description
A process does not close sensitive file descriptors before invoking a child process, which allows the child to perform unauthorized I/O operations using those descriptors.
When a process forks or executes another program, the child inherits every open file descriptor that the parent did not close or mark close-on-exec (FD_CLOEXEC). If the child runs with fewer privileges than the parent, this introduces a vulnerability: the child can read from or write to the inherited descriptor even though it lacks the privileges to open the underlying file itself. Permission checks happen when the file is opened, not on each read or write, so an inherited descriptor carries the parent's authority with it.
Modes of Introduction:
– Architecture and Design
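The following is an added example, not code from the CWE entry or from any of the products referenced below. It shows the leak and two fixes on Linux/POSIX: a privileged parent opens a "secret" file (a constructed temporary file standing in for the sensitive resource), then forks and execs a less-trusted helper (here `/bin/sh`, standing in for any child) that tries to read through the inherited descriptor number. Opening with `O_CLOEXEC` makes `execve()` drop the descriptor atomically; `close_fds_from()` is the fallback for descriptors that were opened without the flag, for example by a library you do not control. The file path, the helper command and the function names are assumptions made for the demonstration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample input: a throwaway file standing in for the
 * sensitive resource the privileged parent holds open. */
static char secret_path[] = "/tmp/fdleak-secret-XXXXXX";

const char *make_secret_file(void)
{
    int fd = mkstemp(secret_path);
    if (fd < 0)
        return NULL;
    const char *body = "top secret\n";
    ssize_t n = write(fd, body, strlen(body));
    close(fd);
    return n == (ssize_t)strlen(body) ? secret_path : NULL;
}

/* The leaky pattern (cloexec == 0) versus the fix (cloexec != 0).
 * O_CLOEXEC marks the descriptor close-on-exec in the same syscall, so
 * there is no window for another thread to fork between open() and a
 * later fcntl(F_SETFD). */
int open_secret(const char *path, int cloexec)
{
    return open(path, O_RDONLY | (cloexec ? O_CLOEXEC : 0));
}

/* 1 if FD_CLOEXEC is set on fd, 0 if not, -1 if fd is invalid. */
int is_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0)
        return -1;
    return (flags & FD_CLOEXEC) ? 1 : 0;
}

/* Fallback for descriptors opened without O_CLOEXEC: in the child, right
 * before exec, close every descriptor at or above lowfd. */
void close_fds_from(int lowfd)
{
    long maxfd = sysconf(_SC_OPEN_MAX);
    if (maxfd < 0)
        maxfd = 1024;
    for (long fd = lowfd; fd < maxfd; fd++)
        close((int)fd);
}

/* Fork and exec a less-trusted helper that reads one line through the
 * inherited descriptor number. Returns 1 if the child obtained data,
 * 0 if the descriptor was unavailable to it, -1 if the helper could
 * not be spawned. */
int child_can_read_fd(int fd, int close_first)
{
    char cmd[128];
    snprintf(cmd, sizeof cmd,
             "exec 2>/dev/null; read -r line <&%d && [ -n \"$line\" ]", fd);

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (close_first)
            close_fds_from(3); /* keep stdin/stdout/stderr, drop the rest */
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    if (WEXITSTATUS(status) == 127)
        return -1;
    return WEXITSTATUS(status) == 0 ? 1 : 0;
}

int main(void)
{
    const char *path = make_secret_file();
    if (!path)
        return 1;
    int leaky = open_secret(path, 0);
    int safe = open_secret(path, 1);
    /* The close_fds_from run goes first so it does not consume the file offset. */
    printf("plain open, close_fds_from : child read secret = %d\n", child_can_read_fd(leaky, 1));
    printf("plain open, no cleanup     : child read secret = %d\n", child_can_read_fd(leaky, 0));
    printf("O_CLOEXEC open             : child read secret = %d\n", child_can_read_fd(safe, 0));
    close(leaky);
    close(safe);
    unlink(path);
    return 0;
}
```

The helper never opens the secret itself; it only needs the descriptor number, which is why the parent's privilege travels with the descriptor. Prefer `O_CLOEXEC` (or `SOCK_CLOEXEC`, `pipe2()` with `O_CLOEXEC`) at creation time over a separate `fcntl()` call, and treat the close-everything loop as defence in depth rather than the primary control, since it runs only in the child and cannot protect descriptors that a library hands to its own subprocesses.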
Related Weaknesses
Consequences
Confidentiality, Integrity: Read Application Data, Modify Application Data
Potential Mitigations
CVE References
- CVE-2003-0740: Server leaks a privileged file descriptor, allowing the server to be hijacked.
- CVE-2004-1033: File descriptor leak allows read of restricted files.
- CVE-2000-0094: Access to restricted resource using modified file descriptor for stderr.
- CVE-2002-0638: Open file descriptor used as alternate channel in complex race condition.
- CVE-2003-0489: Program does not fully drop privileges after creating a file descriptor, which allows access to the descriptor via a separate vulnerability.
- CVE-2003-0937: User bypasses restrictions by obtaining a file descriptor, then calling a setuid program that does not close the descriptor.
- CVE-2004-2215: Terminal manager does not properly close file descriptors, allowing attackers to access terminals of other users.
- CVE-2006-5397: Module opens a file for reading twice, allowing attackers to read files.