Tag Archives: CVE-2002-0760

CWE-689 – Permission Race Condition During Resource Copy

Read Time:43 Second

Description

The product, while copying or cloning a resource, does not set the resource’s permissions or access control until the copy is complete, leaving the resource exposed to other spheres while the copy is taking place.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-362
CWE-362
CWE-732

 

Consequences

Confidentiality, Integrity: Read Application Data, Modify Application Data

 

Potential Mitigations

CVE References

  • CVE-2002-0760
    • Archive extractor decompresses files with world-readable permissions, then later sets permissions to what the archive specified.
  • CVE-2005-2174
    • Product inserts a new object into database before setting the object’s permissions, introducing a race condition.
  • CVE-2006-5214
    • Error file has weak permissions before a chmod is performed.
  • CVE-2003-0265
    • Database product creates files world-writable before initializing the setuid bits, leading to modification of executables.