CWE-282: Improper Ownership Management
Weakness ID: 282 (Weakness Class) Status: Draft
Description
Description Summary
The software assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.
Time of Introduction
Common Consequences
Scope: Access Control
Effect: Technical Impact: Gain privileges / assume identity
Observed Examples
Reference: CVE-1999-1125
Description: Program runs setuid root but relies on a configuration file owned by a non-root user.
Potential Mitigations
Phases: Architecture and Design; Operation
Very carefully manage the setting, management, and handling of
privileges. Explicitly manage trust zones in the software.
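An ownership check of the kind the CVE-1999-1125 entry shows to be missing, as an added example that is not part of the CWE entry: a privileged program opens its configuration file and refuses it unless it is a regular file owned by the expected user and not writable by group or others. The helper names and the path /etc/example.conf are hypothetical.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* exposes O_NOFOLLOW and O_CLOEXEC */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 if st describes a regular file owned by trusted_uid that
 * neither group nor others can write; returns 0 otherwise. */
int owner_is_trusted(const struct stat *st, uid_t trusted_uid)
{
    if (!S_ISREG(st->st_mode))
        return 0;               /* devices, FIFOs, directories */
    if (st->st_uid != trusted_uid)
        return 0;               /* the CVE-1999-1125 condition */
    if (st->st_mode & (S_IWGRP | S_IWOTH))
        return 0;               /* another user could rewrite it */
    return 1;
}

/* Hypothetical helper: returns a read-only descriptor for path only if
 * the ownership check passes; otherwise returns -1 with errno set. */
int open_trusted_config(const char *path, uid_t trusted_uid)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;              /* includes ELOOP when path is a symlink */
    /* fstat() the descriptor, not the path: the object checked is the object read. */
    if (fstat(fd, &st) != 0 || !owner_is_trusted(&st, trusted_uid)) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    /* Constructed default path; uid 0 is the owner a setuid-root program expects. */
    int fd = open_trusted_config(argc > 1 ? argv[1] : "/etc/example.conf", 0);
    if (fd < 0) {
        perror("config rejected");
        return 1;
    }
    close(fd);
    return 0;
}
```

The check covers the file itself only; every directory on the path to it must also be owned by the trusted user and not writable by others, or the file can be replaced.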
Relationships
Affected Resources
Taxonomy Mappings
Mapped Taxonomy Name: PLOVER
Mapped Node Name: Ownership errors
Maintenance Notes
The relationships between privileges, permissions, and actors (e.g. users and groups) need further refinement within the Research view. One complication is that these concepts apply to two different pillars, related to control of resources (CWE-664) and protection mechanism failures (CWE-396).
Content History
Submissions
PLOVER, Externally Mined
Modifications
2008-07-01 Eric Dalci, Cigital (External): updated Time_of_Introduction
2008-09-08 CWE Content Team, MITRE (Internal): updated Maintenance_Notes, Relationships, Taxonomy_Mappings
2009-12-28 CWE Content Team, MITRE (Internal): updated Potential_Mitigations
2010-06-21 CWE Content Team, MITRE (Internal): updated Potential_Mitigations
2011-03-29 CWE Content Team, MITRE (Internal): updated Relationships
2011-06-01 CWE Content Team, MITRE (Internal): updated Common_Consequences
2012-05-11 CWE Content Team, MITRE (Internal): updated Relationships
Previous Entry Names
2008-04-11 Ownership Issues