CWE-426 Individual Dictionary Definition (Draft 9)

| Field | Value |
|---|---|
| Compound Element ID | 426 (Compound Element Base: Composite) |
| Status | Draft |
| Description | Summary: If a function performs automatic path searching for resources and an attacker can influence that path, then the attacker may be able to redirect the search path to point to resources under the control of the attacker. |
| Alternate Terms | Untrusted Path |
| Functional Area | Program invocation, code libraries. |
| Likelihood of Exploit | High |
| Affected Resource | System Process |
| Common Consequences | Authorization: There is the potential for arbitrary code execution with privileges of the vulnerable program. |
| Potential Mitigations | Implementation: Use other functions which require explicit paths. Making use of any of the other readily available functions which require explicit paths is a safe way to avoid this problem. |

Observed Examples

| Reference | Description |
|---|---|
| CVE-1999-1120 | Application relies on its PATH environment variable to find and execute program. |
| CVE-2002-0470 | Application relies on its PATH environment variable to find and execute program. |
| CVE-2007-2027 | Chain: untrusted search path enabling resultant format string by loading malicious internationalization messages. |

| Field | Value |
|---|---|
| Research Gaps | Search path issues on Windows are under-studied and possibly under-reported. |
| Relationships | |
| Source Taxonomies | PLOVER - Untrusted Search Path; CLASP - Relative path library search |
| Applicable Platforms | All |

Related Attack Patterns

| CAPEC-ID | Attack Pattern Name |
|---|---|
| 38 | Leveraging/Manipulating Configuration File Search Paths |
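
The Potential Mitigations entry recommends functions that take explicit paths. The following C program is an added example, not part of the CWE entry, that puts a PATH-searched `execvp()` call beside an explicit-path `execve()` call. The function names `run_searched` and `run_explicit`, the contents of `clean_env`, and the presence of `/bin/sh` on the host are assumptions of the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed, minimal environment handed to the child (assumed policy for this example). */
static char *const clean_env[] = { "PATH=/usr/bin:/bin", "LANG=C", NULL };

/* Wait for the child and return its exit code, or -1 if it did not exit normally. */
static int reap(pid_t pid) {
    int status;
    if (pid < 0 || waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Weak form: execvp() resolves `name` through the inherited PATH, so whoever
 * controls PATH controls which file, if any, is executed. */
int run_searched(const char *name, char *const argv[]) {
    pid_t pid = fork();
    if (pid == 0) { execvp(name, argv); _exit(127); }
    return reap(pid);
}

/* Hardened form: accept only an absolute path and call execve(), which does
 * no searching; the child also receives a fixed environment. */
int run_explicit(const char *abs_path, char *const argv[]) {
    if (abs_path == NULL || abs_path[0] != '/') return -1; /* would need a search */
    pid_t pid = fork();
    if (pid == 0) { execve(abs_path, argv, clean_env); _exit(127); }
    return reap(pid);
}

int main(void) {
    char *const argv[] = { "sh", "-c", "exit 7", NULL };
    /* Constructed scenario: PATH inherited from an untrusted caller. */
    setenv("PATH", "/nonexistent", 1);
    int searched = run_searched("sh", argv);    /* lookup follows PATH and fails */
    int pinned = run_explicit("/bin/sh", argv); /* PATH is never consulted */
    return (searched == 127 && pinned == 7) ? 0 : 1;
}
```

The same inherited `PATH` changes the outcome of the searched call and leaves the explicit call untouched, which is the property the mitigation relies on.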