All posts by rocco

CWE-471 – Modification of Assumed-Immutable Data (MAID)

Description

The software does not properly protect an assumed-immutable element from being modified by an attacker.

This occurs when a particular input is critical enough to the functioning of the application that it should not be modifiable at all, but it is. Certain resources are often assumed to be immutable when they are not, such as hidden form fields in web applications, cookies, and reverse DNS lookups.

Modes of Introduction:

– Implementation

Related Weaknesses

CWE-664

Consequences

Integrity: Modify Application Data

Common data types that are attacked are environment variables, web application parameters, and HTTP headers.

Integrity: Unexpected State

Potential Mitigations

Phase: Architecture and Design, Operation, Implementation

Description: 

When the data is stored or transmitted through untrusted sources that could modify the data, implement integrity checks to detect unauthorized modification, or store/transmit the data in a trusted location that is free from external influence.

CVE References

  • CVE-2005-1905
    • Gain privileges by modifying assumed-immutable code addresses that are accessed by a driver.

CWE-472 – External Control of Assumed-Immutable Web Parameter

Description

The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.

Modes of Introduction:

– Implementation

Related Weaknesses

CWE-642
CWE-471

Consequences

Integrity: Modify Application Data

Without appropriate protection mechanisms, the client can easily tamper with cookies and similar web data. Reliance on the cookies without detailed validation can lead to problems such as SQL injection. If you use cookie values for security related decisions on the server side, manipulating the cookies might lead to violations of security policies such as authentication bypassing, user impersonation and privilege escalation. In addition, storing sensitive data in the cookie without appropriate protection can also lead to disclosure of sensitive user data, especially data stored in persistent cookies.

Potential Mitigations

Phase: Implementation

Description: 

Inputs should be decoded and canonicalized to the application’s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
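One way to apply the decode-once rule above, as an added example in C that is not part of the CWE entry or this post: the parameter is percent-decoded exactly once, the decoded form is checked against an allowlist, and it is never decoded again. The allowlist policy (a file-name parameter) and the sample inputs are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Decode %XX escapes and '+' exactly once. Returns 0, or -1 on a malformed
 * or truncated escape or when the output buffer is too small. */
int percent_decode_once(const char *in, char *out, size_t outlen) {
    size_t o = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        if (o + 1 >= outlen) return -1;
        if (in[i] == '%') {
            if (!isxdigit((unsigned char)in[i + 1]) ||
                !isxdigit((unsigned char)in[i + 2])) return -1;
            char hex[3] = { in[i + 1], in[i + 2], '\0' };
            out[o++] = (char)strtol(hex, NULL, 16);
            i += 2;
        } else {
            out[o++] = (in[i] == '+') ? ' ' : in[i];   /* '+' is a space in form encoding */
        }
    }
    out[o] = '\0';
    return 0;
}

/* Allowlist for the decoded value of a file-name parameter (assumed policy):
 * [A-Za-z0-9_.-], no leading '.', no "..". */
int is_safe_filename(const char *s) {
    if (s[0] == '\0' || s[0] == '.' || strstr(s, "..") != NULL) return 0;
    for (const char *p = s; *p != '\0'; p++)
        if (!isalnum((unsigned char)*p) && *p != '_' && *p != '-' && *p != '.')
            return 0;
    return 1;
}

/* Decode once, validate the canonical form, never decode again. A '%' that
 * survives the single decode fails the allowlist, so double-encoded
 * "%252e%252e" is rejected here instead of becoming ".." in a later decode. */
int check_name_param(const char *raw) {
    char canon[64];
    if (percent_decode_once(raw, canon, sizeof canon) != 0) return 0;
    return is_safe_filename(canon);
}

int main(void) {
    const char *samples[] = { "report%2Dq1.txt", "..%2F..%2Fetc", "%252e%252e%2Fx" };
    for (size_t i = 0; i < 3; i++)   /* constructed inputs, not real requests */
        printf("%-15s -> %s\n", samples[i], check_name_param(samples[i]) ? "accept" : "reject");
    return 0;
}
```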

CVE References

  • CVE-2002-0108
    • Forum product allows spoofed messages of other users via hidden form fields for name and e-mail address.
  • CVE-2000-0253
    • Shopping cart allows price modification via hidden form field.
  • CVE-2000-0254
    • Shopping cart allows price modification via hidden form field.
  • CVE-2000-0926
    • Shopping cart allows price modification via hidden form field.
  • CVE-2000-0101
    • Shopping cart allows price modification via hidden form field.
  • CVE-2000-0102
    • Shopping cart allows price modification via hidden form field.
  • CVE-2000-0758
    • Allows admin access by modifying value of form field.
  • CVE-2000-1234
    • Send email to arbitrary users by modifying email parameter.
  • CVE-2005-1784
    • Product does not check authorization for configuration change admin script, leading to password theft via modified e-mail address field.
  • CVE-2005-1682
    • Modification of message number parameter allows attackers to read other people’s messages.

CWE-473 – PHP External Variable Modification

Description

A PHP application does not properly protect against the modification of variables from external sources, such as query parameters or cookies. This can expose the application to numerous weaknesses that would not exist otherwise.

Modes of Introduction:

– Implementation

Related Weaknesses

CWE-471
CWE-98

Consequences

Integrity: Modify Application Data

Potential Mitigations

Phase: Requirements, Implementation

Description: 

Carefully identify which variables can be controlled or influenced by an external user, and consider adopting a naming convention to emphasize when externally modifiable variables are being used. An application should be reluctant to trust variables that have been initialized outside of its trust boundary. Ensure adequate checking is performed when relying on input from outside a trust boundary. Do not allow your application to run with register_globals enabled. If you implement a register_globals emulator, be extremely careful of variable extraction, dynamic evaluation, and similar issues, since weaknesses in your emulation could allow external variable modification to take place even without register_globals.

CVE References

  • CVE-2000-0860
    • File upload allows arbitrary file read by setting hidden form variables to match internal variable names.
  • CVE-2001-0854
    • Mistakenly trusts $PHP_SELF variable to determine if include script was called by its parent.
  • CVE-2002-0764
    • PHP remote file inclusion by modified assumed-immutable variable.
  • CVE-2001-1025
    • Modify key variable when calling scripts that don’t load a library that initializes it.
  • CVE-2003-0754
    • Authentication bypass by modifying array used for authentication.

CWE-474 – Use of Function with Inconsistent Implementations

Description

The code uses a function that has inconsistent implementations across operating systems and versions.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-758

Consequences

Other: Quality Degradation, Varies by Context

Potential Mitigations

Phase: Architecture and Design, Requirements

Description: 

Do not accept inconsistent behavior from the API specifications when the deviant behavior increases the risk level.

CVE References

CWE-476 – NULL Pointer Dereference

Description

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.

Modes of Introduction:

– Implementation

Likelihood of Exploit: Medium

Related Weaknesses

CWE-710
CWE-754

Consequences

Availability: DoS: Crash, Exit, or Restart

NULL pointer dereferences usually result in the failure of the process unless exception handling (on some platforms) is available and implemented. Even when exception handling is being used, it can still be very difficult to return the software to a safe state of operation.

Integrity, Confidentiality, Availability: Execute Unauthorized Code or Commands, Read Memory, Modify Memory

In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.

Potential Mitigations

Phase: Implementation

Description: 

If all pointers that could have been modified are sanity-checked previous to use, nearly all NULL pointer dereferences can be prevented.

Phase: Requirements

Description: 

The choice could be made to use a language that is not susceptible to these issues.

Phase: Implementation

Effectiveness: Moderate

Description: 

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Checking the return value of the function will typically be sufficient; however, beware of race conditions (CWE-362) in a concurrent environment. This solution does not handle the use of improperly initialized variables (CWE-665).
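The "check every pointer-returning call" mitigation above, as an added example in C that is not code from the CWE entry or this post. The configuration format ("k1=v1;k2=v2") and the sample strings are assumptions; the point is that strchr() and the lookup both report absence with NULL, and each NULL is handled before the pointer is used.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Finds `key` in a "k1=v1;k2=v2" string and copies its value into buf.
 * Returns buf, or NULL when the key is absent, an entry is malformed, or the
 * value does not fit. Callers must handle NULL (the CWE-476 check). */
const char *lookup(const char *conf, const char *key, char *buf, size_t len) {
    size_t klen = strlen(key);
    const char *p = conf;
    while (p != NULL && *p != '\0') {
        const char *eq = strchr(p, '=');   /* NULL when the entry has no '=' */
        const char *end = strchr(p, ';');  /* NULL on the last entry */
        if (eq == NULL || (end != NULL && eq > end)) return NULL;
        if ((size_t)(eq - p) == klen && strncmp(p, key, klen) == 0) {
            size_t vlen = end ? (size_t)(end - eq - 1) : strlen(eq + 1);
            if (vlen >= len) return NULL;
            memcpy(buf, eq + 1, vlen);
            buf[vlen] = '\0';
            return buf;
        }
        p = end ? end + 1 : NULL;
    }
    return NULL;
}

/* Returns the configured port, or -1. Every pointer-returning call is
 * checked before the pointer is used, so a missing "port" key yields -1
 * instead of strtol() dereferencing a NULL pointer. */
int listen_port(const char *conf) {
    char buf[16];
    const char *v = lookup(conf, "port", buf, sizeof buf);
    if (v == NULL) return -1;
    char *endp = NULL;
    long port = strtol(v, &endp, 10);
    if (endp == v || *endp != '\0' || port < 1 || port > 65535) return -1;
    return (int)port;
}

int main(void) {
    /* Constructed configuration strings for the demo. */
    const char *confs[] = { "host=a;port=8443", "host=a", "port=abc", "garbage" };
    for (size_t i = 0; i < 4; i++)
        printf("%-18s -> %d\n", confs[i], listen_port(confs[i]));
    return 0;
}
```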

Phase: Architecture and Design

Description: 

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Phase: Implementation

Description: 

Explicitly initialize all your variables and other data stores, either during declaration or just before the first usage.

Phase: Testing

Description: 

Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible.

CVE References

  • CVE-2005-3274
    • race condition causes a table to be corrupted if a timer activates while it is being modified, leading to resultant NULL dereference; also involves locking.
  • CVE-2002-1912
    • large number of packets leads to NULL dereference
  • CVE-2005-0772
    • packet with invalid error status value triggers NULL dereference
  • CVE-2009-4895
    • Chain: race condition for an argument value, possibly resulting in NULL dereference
  • CVE-2009-2692
    • Chain: Use of an unimplemented network socket operation pointing to an uninitialized handler function (CWE-456) causes a crash because of a null pointer dereference (CWE-476).
  • CVE-2009-3547
    • Chain: race condition might allow resource to be released before operating on it, leading to NULL dereference
  • CVE-2009-3620
    • Chain: some unprivileged ioctls do not verify that a structure has been initialized before invocation, leading to NULL dereference
  • CVE-2009-2698
    • Chain: IP and UDP layers each track the same value with different mechanisms that can get out of sync, possibly resulting in a NULL dereference
  • CVE-2009-2692
    • Chain: uninitialized function pointers can be dereferenced allowing code execution
  • CVE-2009-0949
    • Chain: improper initialization of memory can lead to NULL dereference
  • CVE-2008-3597
    • Chain: game server can access player data structures before initialization has happened leading to NULL dereference
  • CVE-2020-6078
    • Chain: The return value of a function returning a pointer is not checked for success (CWE-252) resulting in the later use of an uninitialized variable (CWE-456) and a null pointer dereference (CWE-476)
  • CVE-2008-0062
    • Chain: a message having an unknown message type may cause a reference to uninitialized memory resulting in a null pointer dereference (CWE-476) or dangling pointer (CWE-825), possibly crashing the system or causing heap corruption.
  • CVE-2008-5183
    • Chain: unchecked return value can lead to NULL dereference
  • CVE-2004-0079
    • SSL software allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
  • CVE-2004-0365
    • Network monitor allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference.
  • CVE-2003-1013
    • Network monitor allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference.
  • CVE-2003-1000
    • Chat client allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference.
  • CVE-2004-0389
    • Server allows remote attackers to cause a denial of service (crash) via malformed requests that trigger a null dereference.
  • CVE-2004-0119
    • OS allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted request during authentication protocol selection.
  • CVE-2004-0458
    • Game allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference.
  • CVE-2002-0401
    • Network monitor allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause a NULL pointer dereference.

CWE-477 – Use of Obsolete Function

Description

The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained.

Modes of Introduction:

– Implementation

Related Weaknesses

CWE-710

Consequences

Other: Quality Degradation

Potential Mitigations

Phase: Implementation

Description: 

Refer to the documentation for the obsolete function in order to determine why it is deprecated or obsolete and to learn about alternative ways to achieve the same functionality.

Phase: Requirements

Description: 

Consider seriously the security implications of using an obsolete function. Consider using alternate functions.

CVE References

CWE-478 – Missing Default Case in Switch Statement

Description

The code does not have a default case in a switch statement, which might lead to complex logical errors and resultant weaknesses.

This flaw represents a common problem in software development, in which not all possible values for a variable are considered or handled by a given process. Because of this, further decisions are made based on poor information, and cascading failure results. This cascading failure may result in any number of security issues, and constitutes a significant failure in the system.

Modes of Introduction:

– Implementation

Related Weaknesses

CWE-1023

Consequences

Integrity: Varies by Context, Alter Execution Logic

Depending on the logical circumstances involved, any consequences may result: e.g., issues of confidentiality, authentication, authorization, availability, integrity, accountability, or non-repudiation.

Potential Mitigations

Phase: Implementation

Description: 

Ensure that there are no unaccounted-for cases when adjusting flow or values based on the value of a given variable. In switch statements, this can be accomplished through the use of the default label.

Phase: Implementation

Description: 

In the case of switch style statements, the very simple act of creating a default case can mitigate this situation, if done correctly. Often however, the default case is used simply to represent an assumed option, as opposed to working as a check for invalid input. This is poor practice and in some cases is as bad as omitting a default case entirely.
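The two uses of the default label described above, side by side, as an added example in C that is not part of the CWE entry or this post. The message types and the "HELLO needs no authentication" rule are an assumed toy protocol.

```c
#include <stdio.h>

/* Message types of an assumed wire protocol (constructed for this example). */
enum msg_type { MSG_HELLO = 1, MSG_DATA = 2, MSG_BYE = 3 };

/* Anti-pattern from the mitigation text: the default label stands in for an
 * "assumed option". Any value the switch does not list is treated as HELLO,
 * the one message type that needs no authentication, so an unexpected
 * byte on the wire silently skips the auth check. */
int classify_assumed(int wire_type, int *needs_auth) {
    switch (wire_type) {
    case MSG_DATA: *needs_auth = 1; return MSG_DATA;
    case MSG_BYE:  *needs_auth = 1; return MSG_BYE;
    default:       *needs_auth = 0; return MSG_HELLO;   /* assumes HELLO */
    }
}

/* Checked form: every known value is listed, and the default label rejects
 * everything else (fail closed) instead of mapping it to a convenient case. */
int classify_checked(int wire_type, int *needs_auth) {
    switch (wire_type) {
    case MSG_HELLO: *needs_auth = 0; return MSG_HELLO;
    case MSG_DATA:  *needs_auth = 1; return MSG_DATA;
    case MSG_BYE:   *needs_auth = 1; return MSG_BYE;
    default:
        *needs_auth = 1;
        fprintf(stderr, "rejecting unknown message type %d\n", wire_type);
        return -1;
    }
}

/* 1 when `classify` would admit wire_type without authentication. */
int admits_unauthenticated(int (*classify)(int, int *), int wire_type) {
    int needs_auth = 1;
    return classify(wire_type, &needs_auth) != -1 && needs_auth == 0;
}

int main(void) {
    int unknown = 0x7f;   /* constructed: a type no version of the protocol defines */
    printf("assumed default admits unknown type without auth: %d\n",
           admits_unauthenticated(classify_assumed, unknown));   /* 1 */
    printf("checked default admits unknown type without auth: %d\n",
           admits_unauthenticated(classify_checked, unknown));   /* 0 */
    return 0;
}
```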

CVE References

CWE-479 – Signal Handler Use of a Non-reentrant Function

Description

The program defines a signal handler that calls a non-reentrant function.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit: Low

Related Weaknesses

CWE-828
CWE-663
CWE-123

Consequences

Integrity, Confidentiality, Availability: Execute Unauthorized Code or Commands

It may be possible to execute arbitrary code through the use of a write-what-where condition.

Integrity: Modify Memory, Modify Application Data

Signal race conditions often result in data corruption.

Potential Mitigations

Phase: Requirements

Description: 

Require languages or libraries that provide reentrant functionality, or otherwise make it easier to avoid this weakness.

Phase: Architecture and Design

Description: 

Design signal handlers to only set flags rather than perform complex functionality.

Phase: Implementation

Description: 

Ensure that non-reentrant functions are not found in signal handlers.

Phase: Implementation

Effectiveness: Defense in Depth

Description: 

Use sanity checks to reduce the timing window for exploitation of race conditions. This is only a partial solution, since many attacks might fail, but other attacks still might work within the narrower window, even accidentally.
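The "handlers only set flags" design from the Architecture and Design mitigation above, as an added example in C that is not part of the CWE entry or this post. The handler writes a single volatile sig_atomic_t; the non-reentrant work (malloc, stdio) runs later from the main loop. The shutdown scenario and signal choice are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The handler touches nothing but this flag. sig_atomic_t is the only object
 * type C guarantees can be written from a handler without a data race. */
static volatile sig_atomic_t g_shutdown_requested = 0;

static void on_signal(int signo) {
    (void)signo;
    g_shutdown_requested = 1;   /* no malloc(), printf(), free(): none are reentrant */
}

/* Installs on_signal for `signo`. Returns 0 on success, -1 on error. */
int install_handler(int signo) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_signal;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESTART;
    return sigaction(signo, &sa, NULL);
}

int shutdown_requested(void) { return g_shutdown_requested != 0; }

/* Called from the main loop, never from the handler. The non-reentrant work
 * (allocation, stdio) lives here, where a signal arriving mid-call can only
 * set the flag. Returns 1 if a pending request was serviced, else 0. */
int service_shutdown(void) {
    if (!g_shutdown_requested) return 0;
    char *msg = malloc(64);
    if (msg != NULL) {
        snprintf(msg, 64, "shutdown requested, flushing state");
        fprintf(stderr, "%s\n", msg);
        free(msg);
    }
    g_shutdown_requested = 0;
    return 1;
}

int main(void) {
    if (install_handler(SIGTERM) != 0) return 1;
    raise(SIGTERM);   /* deliver a signal to ourselves for the demo */
    /* main loop body: poll the flag and do the heavy lifting outside the handler */
    return service_shutdown() ? 0 : 1;
}
```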

CVE References

  • CVE-2005-0893
    • signal handler calls function that ultimately uses malloc()
  • CVE-2004-2259
    • SIGCHLD signal to FTP server can cause crash under heavy load while executing non-reentrant functions like malloc/free.

CWE-48 – Path Equivalence: ‘file name’ (Internal Whitespace)

Description

A software system that accepts path input in the form of internal space (‘file(SPACE)name’) without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.

Modes of Introduction:

– Implementation

Related Weaknesses

CWE-41

Consequences

Confidentiality, Integrity: Read Files or Directories, Modify Files or Directories

Potential Mitigations

CVE References

  • CVE-2000-0293
    • Filenames with spaces allow arbitrary file deletion when the product does not properly quote them; some overlap with path traversal.
  • CVE-2001-1567
    • “+” characters in query string converted to spaces before sensitive file/extension (internal space), leading to bypass of access restrictions to the file.