Tag Archives: CVE-2005-1941

CWE-276 – Incorrect Default Permissions

Read Time:46 Second

Description

During installation, installed file permissions are set to allow anyone to modify those files.

Modes of Introduction:

– Architecture and Design

 

Likelihood of Exploit: Medium

 

Related Weaknesses

CWE-732
CWE-732

 

Consequences

Confidentiality, Integrity: Read Application Data, Modify Application Data

 

Potential Mitigations

Phase: Architecture and Design, Operation

Description: 

The architecture needs to access and modification attributes for files to only those users who actually require those actions.

Phase: Architecture and Design

Description: 

CVE References

  • CVE-2001-1550
    • World-writable log files allow information loss; world-readable file has cleartext passwords.
  • CVE-2002-1844
    • Windows product uses insecure permissions when installing on Solaris (genesis: port error).
  • CVE-2001-0497
    • Insecure permissions for a shared secret key file. Overlaps cryptographic problem.
  • CVE-1999-0426
    • Default permissions of a device allow IP spoofing.