Any condition where the attacker has the ability to write an
arbitrary value to an arbitrary location, often as the result of a buffer
overflow.
Time of Introduction
Implementation
Applicable Platforms
Languages
C
C++
Common Consequences
Scope: Effect
Access Control: Clearly, write-what-where conditions can be used to write
data to areas of memory outside the scope of a policy. Also, they almost
invariably can be used to execute arbitrary code, which is usually
outside the scope of a program's implicit security policy.
If the attacker can overwrite a pointer's worth of memory (usually 32
or 64 bits), he can redirect a function pointer to his own malicious
code. Even when the attacker can only modify a single byte, arbitrary
code execution can be possible. Sometimes this is because the same
problem can be exploited repeatedly to the same effect. Other times it
is because the attacker can overwrite security-critical
application-specific data -- such as a flag indicating whether the user
is an administrator.
Availability: Many memory accesses can lead to program termination, such
as when writing to addresses that are invalid for the current process.
Other: When the consequence is arbitrary code execution, this can often
be used to subvert any other security service.
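The single-byte case from the Access Control consequence above, as an added example that is not part of the original entry: a caller-supplied index and value reach a write that is meant to stay inside a name field, shown beside the bounds-checked form. The layout, the struct and all function names are hypothetical, and the adjacent flag is modelled inside one array so the behaviour stays defined.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: one flat arena holds a 16-byte user-writable name
 * region followed directly by a security-critical flag. */
enum { NAME_OFF = 0, NAME_LEN = 16, ADMIN_OFF = 16, ARENA_LEN = 17 };

struct session { unsigned char arena[ARENA_LEN]; };

void session_init(struct session *s) { memset(s->arena, 0, sizeof s->arena); }
int session_is_admin(const struct session *s) { return s->arena[ADMIN_OFF] != 0; }

/* Flawed: both "where" (idx) and "what" (val) come from the caller, and idx
 * is only checked against the arena, not against the name region. */
int set_name_byte_unchecked(struct session *s, size_t idx, unsigned char val)
{
    if (idx >= ARENA_LEN) return -1;   /* keeps this model within one array */
    s->arena[NAME_OFF + idx] = val;    /* idx == 16 lands on the admin flag */
    return 0;
}

/* Hardened: the write is confined to the region the caller is meant to own. */
int set_name_byte_checked(struct session *s, size_t idx, unsigned char val)
{
    if (idx >= NAME_LEN) return -1;    /* reject anything outside the name */
    s->arena[NAME_OFF + idx] = val;
    return 0;
}

int main(void)
{
    struct session s;
    int rc;

    session_init(&s);
    set_name_byte_unchecked(&s, 16, 1);
    printf("unchecked write: is_admin=%d\n", session_is_admin(&s));

    session_init(&s);
    rc = set_name_byte_checked(&s, 16, 1);
    printf("checked write: rc=%d is_admin=%d\n", rc, session_is_admin(&s));
    return 0;
}
```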
Likelihood of Exploit
High
Potential Mitigations
Phase: Description
Pre-design: Use a language that provides appropriate memory
abstractions.
Architecture and Design: Integrate technologies that try to prevent the
consequences of this problem.
Implementation: Take note of mitigations provided for other flaws in this
taxonomy that lead to write-what-where conditions.
Operational: Use OS-level preventative functionality integrated after
the fact. Not a complete solution.
Weakness Ordinalities
Ordinality: Description
Resultant: (where the weakness is typically related to the presence of
some other weaknesses)