
Description

The software assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-284

Consequences

Access Control: Gain Privileges or Assume Identity

Potential Mitigations

Phase: Architecture and Design, Operation

Description: Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

CVE References

  • CVE-1999-1125
    • Program runs setuid root but relies on a configuration file owned by a non-root user.
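
The pattern in the CVE entry above, a privileged program trusting a configuration file that a less-privileged user owns, is avoided by verifying ownership on the opened file before reading it. The following is an added example, not part of the original page or of any affected program; the function names and the temp-file path are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Regular file, owned by trusted_uid, not writable by group or other? */
int stat_is_trusted(const struct stat *st, uid_t trusted_uid)
{
    return S_ISREG(st->st_mode) && st->st_uid == trusted_uid &&
           (st->st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Open first, then fstat() the descriptor, so the object whose ownership
 * is checked is the object that gets read. Returns an fd, or -1. */
int open_trusted_config(const char *path, uid_t trusted_uid)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW); /* no symlink at path */
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !stat_is_trusted(&st, trusted_uid)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed demo: 1 if a caller-owned temp file of this mode passes. */
int demo_accepts(mode_t mode, uid_t trusted_uid)
{
    char path[] = "/tmp/cwe_owner_demo_XXXXXX";
    int tmp = mkstemp(path);
    if (tmp < 0) return -1;
    fchmod(tmp, mode);
    close(tmp);
    int fd = open_trusted_config(path, trusted_uid);
    if (fd >= 0) close(fd);
    unlink(path);
    return fd >= 0;
}

int main(void)
{
    printf("0644 owned by trusted uid: %d\n", demo_accepts(0644, getuid()));
    printf("0666 owned by trusted uid: %d\n", demo_accepts(0666, getuid()));
    return 0;
}
```

A setuid-root program would pass 0 as `trusted_uid`; the demo uses the caller's own uid so that it runs without privileges.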