Weakness ID: 282
Abstraction: Class Status: Draft
The software assigns the wrong ownership, or does not properly verify the ownership, of an object or
Time of Introduction
Technical Impact: Gain privileges / assume
Program runs setuid root but relies on a
configuration file owned by a non-root user.
Phases: Architecture and Design; Operation
Very carefully manage the setting, management, and handling of
privileges. Explicitly manage trust zones in the software.
Mapped Taxonomy Name Node ID Fit Mapped Node Name
PLOVER Ownership errors
The relationships between privileges, permissions, and actors (e.g. users and groups) need further refinement within the Research view. One complication is that these concepts apply to two different pillars, related to control of resources (
CWE-664) and protection mechanism failures ( CWE-396).
Submissions Submission Date Submitter Organization Source PLOVER Externally Mined Modifications Modification Date Modifier Organization Source 2008-07-01 Eric Dalci Cigital External updated Time_of_Introduction 2008-09-08 CWE Content Team MITRE Internal updated Maintenance_Notes, Relationships,
Taxonomy_Mappings 2009-12-28 CWE Content Team MITRE Internal updated Potential_Mitigations 2010-06-21 CWE Content Team MITRE Internal updated Potential_Mitigations 2011-03-29 CWE Content Team MITRE Internal updated Relationships 2011-06-01 CWE Content Team MITRE Internal updated Common_Consequences 2012-05-11 CWE Content Team MITRE Internal updated Relationships 2014-07-30 CWE Content Team MITRE Internal updated Relationships Previous Entry Names Change Date Previous Entry
Name 2008-04-11 Ownership
More information is available — Please select a different filter.