Description
The software assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.
Modes of Introduction:
– Architecture and Design
Related Weaknesses
Consequences
Access Control: Gain Privileges or Assume Identity
Potential Mitigations
Phase: Architecture and Design, Operation
Description:
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
CVE References
- CVE-1999-1125: Program runs setuid root but relies on a configuration file owned by a non-root user.
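The ownership check that the CVE-1999-1125 pattern lacks, as an added example (not code from the original entry or from any affected program): a privileged program should confirm that a configuration file is owned by the trusted user and is not writable by anyone else before reading it. The names `open_trusted_config` and `demo_accepts` and the `/tmp` sample path are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a config file only if `trusted_uid` owns it and nobody else can write
 * to it. Returns an open fd, or -1 if the file must not be trusted. */
int open_trusted_config(const char *path, uid_t trusted_uid)
{
    struct stat st;
    /* O_NOFOLLOW: refuse a symlink planted at the final path component. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* fstat() the descriptor, not the path, so the file checked is the file read. */
    if (fstat(fd, &st) != 0 ||
        !S_ISREG(st.st_mode) ||               /* regular files only */
        st.st_uid != trusted_uid ||           /* owned by someone else */
        (st.st_mode & (S_IWGRP | S_IWOTH))) { /* group- or world-writable */
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed self-check: create a temp file with `mode`, then report whether it
 * is accepted when the trusted uid is (1) or is not (0) the file's real owner. */
int demo_accepts(mode_t mode, int owner_is_trusted)
{
    char path[] = "/tmp/cfg-demo-XXXXXX"; /* constructed sample path */
    int tmp = mkstemp(path);
    if (tmp < 0)
        return -1;
    fchmod(tmp, mode);
    close(tmp);
    uid_t trusted = owner_is_trusted ? geteuid() : geteuid() + 1;
    int fd = open_trusted_config(path, trusted);
    if (fd >= 0)
        close(fd);
    unlink(path);
    return fd >= 0;
}

int main(void) { return demo_accepts(0600, 1) == 1 && demo_accepts(0666, 1) == 0 ? 0 : 1; }
```

In a setuid-root program `trusted_uid` would be 0. The check covers the file itself only; the directories leading to it need the same ownership and write-permission review.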