Category Archives: CWE

CWE-440 – Expected Behavior Violation

Read Time:32 Second

Description

A feature, API, or function does not perform according to its specification.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-684

 

Consequences

Other: Quality Degradation, Varies by Context

 

Potential Mitigations

CVE References

  • CVE-2003-0187
    • Program uses large timeouts on “undeserving” to compensate for inconsistency of support for linked lists.
  • CVE-2003-0465
    • “strncpy” in Linux kernel acts different than libc on x86, leading to expected behavior difference – sort of a multiple interpretation error?
  • CVE-2005-3265
    • Buffer overflow in product stems the use of a third party library function that is expected to have internal protection against overflows, but doesn’t.

CWE-441 – Unintended Proxy or Intermediary (‘Confused Deputy’)

Read Time:1 Minute, 42 Second

Description

The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product’s control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-610
CWE-668

 

Consequences

Non-Repudiation, Access Control: Gain Privileges or Assume Identity, Hide Activities, Execute Unauthorized Code or Commands

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Enforce the use of strong mutual authentication mechanism between the two parties.

Phase: Architecture and Design

Description: 

Whenever a product is an intermediary or proxy for
transactions between two other components, the proxy core
should not drop the identity of the initiator of the
transaction. The immutability of the identity of the
initiator must be maintained and should be forwarded all the
way to the target.

CVE References

  • CVE-1999-0017
    • FTP bounce attack. The design of the protocol allows an attacker to modify the PORT command to cause the FTP server to connect to other machines besides the attacker’s.
  • CVE-1999-0168
    • RPC portmapper could redirect service requests from an attacker to another entity, which thinks the requests came from the portmapper.
  • CVE-2005-0315
    • FTP server does not ensure that the IP address in a PORT command is the same as the FTP user’s session, allowing port scanning by proxy.
  • CVE-2002-1484
    • Web server allows attackers to request a URL from another server, including other ports, which allows proxied scanning.
  • CVE-2001-1484
    • Bounce attack allows access to TFTP from trusted side.
  • CVE-2010-1637
    • Web-based mail program allows internal network scanning using a modified POP3 port number.
  • CVE-2009-0037
    • URL-downloading library automatically follows redirects to file:// and scp:// URLs

CWE-401 – Missing Release of Memory after Effective Lifetime

Read Time:1 Minute, 35 Second

Description

The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

This is often triggered by improper handling of malformed data or unexpectedly interrupted sessions. In some languages, developers are responsible for tracking memory allocation and releasing the memory. If there are no more pointers or references to the memory, then it can no longer be tracked and identified for release.

Modes of Introduction:

– Architecture and Design

 

Likelihood of Exploit: Medium

 

Related Weaknesses

CWE-772
CWE-404
CWE-404

 

Consequences

Availability: DoS: Crash, Exit, or Restart, DoS: Instability, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory)

Most memory leaks result in general software reliability problems, but if an attacker can intentionally trigger a memory leak, the attacker might be able to launch a denial of service attack (by crashing or hanging the program) or take advantage of other unexpected program behavior resulting from a low memory condition.

Other: Reduce Performance

 

Potential Mitigations

Phase: Implementation

Description: 

Phase: Architecture and Design

Description: 

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Phase: Architecture and Design, Build and Compilation

Description: 

The Boehm-Demers-Weiser Garbage Collector or valgrind can be used to detect leaks in code.

This is not a complete solution as it is not 100% effective.

CVE References

  • CVE-2005-3119
    • Memory leak because function does not free() an element of a data structure.
  • CVE-2004-0427
    • Memory leak when counter variable is not decremented.
  • CVE-2002-0574
    • chain: reference count is not decremented, leading to memory leak in OS by sending ICMP packets.
  • CVE-2005-3181
    • Kernel uses wrong function to release a data structure, preventing data from being properly tracked by other code.
  • CVE-2004-0222
    • Memory leak via unknown manipulations as part of protocol test suite.

CWE-402 – Transmission of Private Resources into a New Sphere (‘Resource Leak’)

Read Time:13 Second

Description

The software makes resources available to untrusted parties when those resources are only intended to be accessed by the software.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-668

 

Consequences

Confidentiality: Read Application Data

 

Potential Mitigations

CVE References

CWE-403 – Exposure of File Descriptor to Unintended Control Sphere (‘File Descriptor Leak’)

Read Time:1 Minute, 11 Second

Description

A process does not close sensitive file descriptors before invoking a child process, which allows the child to perform unauthorized I/O operations using those descriptors.

When a new process is forked or executed, the child process inherits any open file descriptors. When the child process has fewer privileges than the parent process, this might introduce a vulnerability if the child process can access the file descriptor but does not have the privileges to access the associated file.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-402

 

Consequences

Confidentiality, Integrity: Read Application Data, Modify Application Data

 

Potential Mitigations

CVE References

  • CVE-2003-0740
    • Server leaks a privileged file descriptor, allowing the server to be hijacked.
  • CVE-2004-1033
    • File descriptor leak allows read of restricted files.
  • CVE-2000-0094
    • Access to restricted resource using modified file descriptor for stderr.
  • CVE-2002-0638
    • Open file descriptor used as alternate channel in complex race condition.
  • CVE-2003-0489
    • Program does not fully drop privileges after creating a file descriptor, which allows access to the descriptor via a separate vulnerability.
  • CVE-2003-0937
    • User bypasses restrictions by obtaining a file descriptor then calling setuid program, which does not close the descriptor.
  • CVE-2004-2215
    • Terminal manager does not properly close file descriptors, allowing attackers to access terminals of other users.
  • CVE-2006-5397
    • Module opens a file for reading twice, allowing attackers to read files.

CWE-404 – Improper Resource Shutdown or Release

Read Time:1 Minute, 33 Second

Description

The program does not release or incorrectly releases a resource before it is made available for re-use.

When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as accounting for all potential paths of expiration or invalidation, such as a set period of time or revocation.

Modes of Introduction:

– Architecture and Design

 

Likelihood of Exploit: Medium

 

Related Weaknesses

CWE-664
CWE-405
CWE-619

 

Consequences

Availability, Other: DoS: Resource Consumption (Other), Varies by Context

Most unreleased resource issues result in general software reliability problems, but if an attacker can intentionally trigger a resource leak, the attacker might be able to launch a denial of service attack by depleting the resource pool.

Confidentiality: Read Application Data

When a resource containing sensitive information is not correctly shutdown, it may expose the sensitive data in a subsequent allocation.

 

Potential Mitigations

Phase: Requirements

Description: 

Phase: Implementation

Description: 

It is good practice to be responsible for freeing all resources you allocate and to be consistent with how and where you free memory in a function. If you allocate memory that you intend to free upon completion of the function, you must be sure to free the memory at all exit points for that function including error conditions.

Phase: Implementation

Description: 

Memory should be allocated/freed using matching functions such as malloc/free, new/delete, and new[]/delete[].

Phase: Implementation

Description: 

When releasing a complex object or structure, ensure that you properly dispose of all of its member components, not just the object itself.

CVE References

  • CVE-1999-1127
    • Does not shut down named pipe connections if malformed data is sent.
  • CVE-2001-0830
    • Sockets not properly closed when attacker repeatedly connects and disconnects from server.
  • CVE-2002-1372
    • Return values of file/socket operations not checked, allowing resultant consumption of file descriptors.

CWE-405 – Asymmetric Resource Consumption (Amplification)

Read Time:41 Second

Description

Software that does not appropriately monitor or control resource consumption can lead to adverse system performance.

This situation is amplified if the software allows malicious users or attackers to consume more resources than their access level permits. Exploiting such a weakness can lead to asymmetric resource consumption, aiding in amplification attacks against the system or the network.

Modes of Introduction:

– Operation

 

 

Related Weaknesses

CWE-664

 

Consequences

Availability: DoS: Amplification, DoS: Resource Consumption (Other)

Sometimes this is a factor in “flood” attacks, but other types of amplification exist.

 

Potential Mitigations

Phase: Architecture and Design

Description: 

An application must make resources available to a client commensurate with the client’s access level.

Phase: Architecture and Design

Description: 

An application must, at all times, keep track of allocated resources and meter their usage appropriately.

CVE References

CWE-406 – Insufficient Control of Network Message Volume (Network Amplification)

Read Time:1 Minute, 39 Second

Description

The software does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor.

In the absence of a policy to restrict asymmetric resource consumption, the application or system cannot distinguish between legitimate transmissions and traffic intended to serve as an amplifying attack on target systems. Systems can often be configured to restrict the amount of traffic sent out on behalf of a client, based on the client’s origin or access level. This is usually defined in a resource allocation policy. In the absence of a mechanism to keep track of transmissions, the system or application can be easily abused to transmit asymmetrically greater traffic than the request or client should be permitted to.

Modes of Introduction:

– Operation

 

 

Related Weaknesses

CWE-405

 

Consequences

Availability: DoS: Amplification, DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Resource Consumption (Other)

System resources can be quickly consumed leading to poor application performance or system crash. This may affect network performance and could be used to attack other systems and applications relying on network performance.

 

Potential Mitigations

Phase: Architecture and Design

Description: 

An application must make network resources available to a client commensurate with the client’s access level.

Phase: Policy

Description: 

Define a clear policy for network resource allocation and consumption.

Phase: Implementation

Description: 

An application must, at all times, keep track of network resources and meter their usage appropriately.

CVE References

  • CVE-1999-0513
    • Classic “Smurf” attack, using spoofed ICMP packets to broadcast addresses.
  • CVE-1999-1379
    • DNS query with spoofed source address causes more traffic to be returned to spoofed address than was sent by the attacker.
  • CVE-2000-0041
    • Large datagrams are sent in response to malformed datagrams.
  • CVE-2013-5211
    • composite: NTP feature generates large responses (high amplification factor) with spoofed UDP source addresses.

CWE-407 – Inefficient Algorithmic Complexity

Read Time:1 Minute, 33 Second

Description

An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.

Modes of Introduction:

– Architecture and Design

 

Likelihood of Exploit: Low

 

Related Weaknesses

CWE-405

 

Consequences

Availability: DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Resource Consumption (Other)

The typical consequence is CPU consumption, but memory consumption and consumption of other resources can also occur.

 

Potential Mitigations

CVE References

  • CVE-2003-0244
    • CPU consumption via inputs that cause many hash table collisions.
  • CVE-2003-0364
    • CPU consumption via inputs that cause many hash table collisions.
  • CVE-2002-1203
    • Product performs unnecessary processing before dropping an invalid packet.
  • CVE-2004-2527
    • Product allows attackers to cause multiple copies of a program to be loaded more quickly than the program can detect that other copies are running, then exit. This type of error should probably have its own category, where teardown takes more time than initialization.
  • CVE-2006-6931
    • Network monitoring system allows remote attackers to cause a denial of service (CPU consumption and detection outage) via crafted network traffic, aka a “backtracking attack.”
  • CVE-2006-3380
    • Wiki allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case algorithmic complexity.
  • CVE-2006-3379
    • Wiki allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case algorithmic complexity.
  • CVE-2005-2506
    • OS allows attackers to cause a denial of service (CPU consumption) via crafted Gregorian dates.
  • CVE-2005-1792
    • Memory leak by performing actions faster than the software can clear them.

CWE-408 – Incorrect Behavior Order: Early Amplification

Read Time:25 Second

Description

The software allows an entity to perform a legitimate but expensive operation before authentication or authorization has taken place.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-405
CWE-696

 

Consequences

Availability: DoS: Amplification, DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory)

System resources, CPU and memory, can be quickly consumed. This can lead to poor system performance or system crash.

 

Potential Mitigations

CVE References

  • CVE-2004-2458
    • Tool creates directories before authenticating user.