CWE-282 Individual Dictionary Definition (Draft 9)

| Field | Value |
|---|---|
| Weakness ID | 282 (Weakness Class) |
| Status | Draft |
| Description | Summary: The software assigns the wrong ownership, or does not properly verify the ownership, of an object or resource. |
| Affected Resource | File/Directory |
| Potential Mitigations | Very carefully manage the setting, management and handling of privileges and permissions. Explicitly manage trust zones in the software. |

Observed Examples

| Reference | Description |
|---|---|
| CVE-1999-1125 | Program runs setuid root but relies on a configuration file owned by a non-root user. |

| Field | Value |
|---|---|
| Relationships | |
| Source Taxonomies | PLOVER - Ownership errors |
| Applicable Platforms | All |

Related Attack Patterns

| CAPEC-ID | Attack Pattern Name |
|---|---|
| 35 | Leverage Executable Code in Nonexecutable Files |
| 17 | Accessing, Modifying or Executing Executable Files |
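
An added example, not part of the CWE entry: one way a privileged program can verify ownership of a configuration file before trusting it, the check missing in the kind of case listed under Observed Examples. The function name `open_trusted_config` and its parameters are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: open a config file only if it is a regular file owned
 * by trusted_uid and not writable by group or others. Returns fd or -1. */
int open_trusted_config(const char *path, uid_t trusted_uid)
{
    /* O_NOFOLLOW refuses a symlink as the last component; O_NONBLOCK avoids hanging on a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC | O_NONBLOCK);
    if (fd < 0)
        return -1;

    struct stat st;
    /* fstat() on the open descriptor, not stat() on the path, so the object
     * that is checked is the same object that is later read. */
    if (fstat(fd, &st) != 0 ||
        !S_ISREG(st.st_mode) ||
        st.st_uid != trusted_uid ||
        (st.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <config-file>\n", argv[0]);
        return 2;
    }
    /* A setuid-root program would pass 0 here: the file must belong to root. */
    int fd = open_trusted_config(argv[1], 0);
    if (fd < 0) {
        fprintf(stderr, "refusing %s: ownership or mode check failed\n", argv[1]);
        return 1;
    }
    puts("ownership check passed");
    close(fd);
    return 0;
}
```

The check covers only the file itself; the directories on the path to it need the same ownership and write-permission guarantees, or the file can be replaced between runs.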