CWE

Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types

Common Weakness Scoring System
Common Weakness Risk Analysis Framework
Home > CWE List > CWE- Individual Dictionary Definition (2.8)  

Presentation Filter:

CWE-403: Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')

 
Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')
Weakness ID: 403 (Weakness Base)Status: Draft
+ Description

Description Summary

A process does not close sensitive file descriptors before invoking a child process, which allows the child to perform unauthorized I/O operations using those descriptors.

Extended Description

When a new process is forked or executed, the child process inherits any open file descriptors. When the child process has fewer privileges than the parent process, this might introduce a vulnerability if the child process can access the file descriptor but does not have the privileges to access the associated file.

+ Alternate Terms
File descriptor leak:

While this issue is frequently called a file descriptor leak, the "leak" term is often used in two different ways - exposure of a resource, or consumption of a resource. Use of this term could cause confusion.

+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Applicable Platforms

Languages

All

Operating Systems

UNIX

+ Common Consequences
ScopeEffect
Confidentiality
Integrity

Technical Impact: Read application data; Modify application data

+ Observed Examples
ReferenceDescription
Server leaks a privileged file descriptor, allowing the server to be hijacked.
File descriptor leak allows read of restricted files.
Access to restricted resource using modified file descriptor for stderr.
Open file descriptor used as alternate channel in complex race condition.
Program does not fully drop privileges after creating a file descriptor, which allows access to the descriptor via a separate vulnerability.
User bypasses restrictions by obtaining a file descriptor then calling setuid program, which does not close the descriptor.
Terminal manager does not properly close file descriptors, allowing attackers to access terminals of other users.
Module opens a file for reading twice, allowing attackers to read files.
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness Class402Transmission of Private Resources into a New Sphere ('Resource Leak')
Development Concepts (primary)699
Research Concepts (primary)1000
ChildOfCategoryCategory634Weaknesses that Affect System Processes
Resource-specific Weaknesses (primary)631
ChildOfCategoryCategory743CERT C Secure Coding Section 09 - Input Output (FIO)
Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
ChildOfCategoryCategory877CERT C++ Secure Coding Section 09 - Input Output (FIO)
Weaknesses Addressed by the CERT C++ Secure Coding Standard (primary)868
ChildOfCategoryCategory963SFP Secondary Cluster: Exposed Data
Software Fault Pattern (SFP) Clusters (primary)888
+ Affected Resources
  • System Process
  • File/Directory
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERUNIX file descriptor leak
CERT C Secure CodingFIO42-CEnsure files are properly closed when they are no longer needed
CERT C++ Secure CodingFIO42-CPPEnsure files are properly closed when they are no longer needed
Software Fault PatternsSFP23Exposed Data
+ References
Paul Roberts. "File descriptors and setuid applications". 2007-02-05. <https://blogs.oracle.com/paulr/entry/file_descriptors_and_setuid_applications>.
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time_of_Introduction
2008-09-08CWE Content TeamMITREInternal
updated Applicable_Platforms, Relationships, Taxonomy_Mappings
2008-11-24CWE Content TeamMITREInternal
updated Affected_Resources, Observed_Examples, Relationships, Taxonomy_Mappings
2011-03-29CWE Content TeamMITREInternal
updated Name
2011-06-01CWE Content TeamMITREInternal
updated Common_Consequences
2011-06-27CWE Content TeamMITREInternal
updated Common_Consequences
2011-09-13CWE Content TeamMITREInternal
updated Relationships, Taxonomy_Mappings
2012-05-11CWE Content TeamMITREInternal
updated Relationships
2013-02-21CWE Content TeamMITREInternal
updated Alternate_Terms, Description, Name, Observed_Examples, References
2014-07-30CWE Content TeamMITREInternal
updated Relationships, Taxonomy_Mappings
Previous Entry Names
Change DatePrevious Entry Name
2011-03-29UNIX File Descriptor Leak
2013-02-21Exposure of File Descriptor to Unintended Control Sphere
Page Last Updated: July 30, 2014