Tag Archives: CVE-2006-7049

CWE

CWE-683 – Function Call With Incorrect Order of Arguments

Read Time:56 Second

Description

The software calls a function, procedure, or routine, but the caller specifies the arguments in an incorrect order, leading to resultant weaknesses.

While this weakness might be caught by the compiler in some languages, it can occur more frequently in cases in which the called function accepts variable numbers or types of arguments, such as format strings in C. It also can occur in languages or environments that do not enforce strong typing.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-628

 

Consequences

Other: Quality Degradation

 

Potential Mitigations

Phase: Implementation

Description: 

Use the function, procedure, or routine as specified.

Phase: Testing

Description: 

Because this function call often produces incorrect behavior it will usually be detected during testing or normal operation of the software. During testing exercise all possible control paths will typically expose this weakness except in rare cases when the incorrect function call accidentally produces the correct results or if the provided argument type is very similar to the expected argument type.

CVE References

  • CVE-2006-7049
    • Application calls functions with arguments in the wrong order, allowing attacker to bypass intended access restrictions.
CWE

CWE-628 – Function Call with Incorrectly Specified Arguments

Read Time:46 Second

Description

The product calls a function, procedure, or routine with arguments that are not correctly specified, leading to always-incorrect behavior and resultant weaknesses.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-573

 

Consequences

Other, Access Control: Quality Degradation, Gain Privileges or Assume Identity

This weakness can cause unintended behavior and can lead to additional weaknesses such as allowing an attacker to gain unintended access to system resources.

 

Potential Mitigations

Phase: Build and Compilation

Description: 

Once found, these issues are easy to fix. Use code inspection tools and relevant compiler features to identify potential violations. Pay special attention to code that is not likely to be exercised heavily during QA.

Phase: Architecture and Design

Description: 

Make sure your API’s are stable before you use them in production code.

CVE References

  • CVE-2006-7049
    • The method calls the functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions.