CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors
Home > CWE List > CWE- Individual Dictionary Definition (2.10)  
ID

CWE-459: Incomplete Cleanup

Weakness ID: 459
Abstraction: Base
Status: Draft
Presentation Filter:
+ Description

Description Summary

The software does not properly "clean up" and remove temporary or supporting resources after they have been used.
+ Alternate Terms
Insufficient Cleanup
+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Applicable Platforms

Languages

All

+ Common Consequences
ScopeEffect
Other
Confidentiality
Integrity

Technical Impact: Other; Read application data; Modify application data; DoS: resource consumption (other)

It is possible to overflow the number of temporary files because directories typically have limits on the number of files allowed. This could create a denial of service problem.

+ Demonstrative Examples

Example 1

Stream resources in a Java application should be released in a finally block, otherwise an exception thrown before the call to close() would result in an unreleased I/O resource. In the example below, the close() method is called in the try block (incorrect).

(Bad Code)
Example Language: Java 
try {
InputStream is = new FileInputStream(path);
byte b[] = new byte[is.available()];
is.read(b);
is.close();
} catch (Throwable t) {
log.error("Something bad happened: " + t.getMessage());
}
+ Observed Examples
ReferenceDescription
World-readable temporary file not deleted after use.
Temporary file not deleted after use, leaking database usernames and passwords.
Interaction error creates a temporary file that can not be deleted due to strong permissions.
Alternate data streams for NTFS files are not cleared when files are wiped (alternate channel / infoleak).
Alternate data streams for NTFS files are not cleared when files are wiped (alternate channel / infoleak).
Alternate data streams for NTFS files are not cleared when files are wiped (alternate channel / infoleak).
Alternate data streams for NTFS files are not cleared when files are wiped (alternate channel / infoleak).
Alternate data streams for NTFS files are not cleared when files are wiped (alternate channel / infoleak).
Users not logged out when application is restarted after security-relevant changes were made.
+ Potential Mitigations

Phases: Architecture and Design; Implementation

Temporary files and other supporting resources should be deleted/released immediately after they are no longer needed.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness BaseWeakness Base404Improper Resource Shutdown or Release
Research Concepts (primary)1000
ChildOfCategoryCategory452Initialization and Cleanup Errors
Development Concepts (primary)699
ChildOfCategoryCategory731OWASP Top Ten 2004 Category A10 - Insecure Configuration Management
Weaknesses in OWASP Top Ten (2004) (primary)711
ChildOfCategoryCategory857CERT Java Secure Coding Section 12 - Input Output (FIO)
Weaknesses Addressed by the CERT Java Secure Coding Standard (primary)844
ChildOfCategoryCategory982SFP Secondary Cluster: Failure to Release Resource
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness BaseWeakness Base226Sensitive Information Uncleared Before Release
Research Concepts (primary)1000
ParentOfWeakness VariantWeakness Variant460Improper Cleanup on Thrown Exception
Research Concepts (primary)1000
ParentOfWeakness VariantWeakness Variant568finalize() Method Without super.finalize()
Research Concepts (primary)1000
+ Relationship Notes

CWE-459 is a child of CWE-404 because, while CWE-404 covers any type of improper shutdown or release of a resource, CWE-459 deals specifically with a multi-step shutdown process in which a crucial step for "proper" cleanup is omitted or impossible. That is, CWE-459 deals specifically with a cleanup or shutdown process that does not successfully remove all potentially sensitive data.

Overlaps other categories such as permissions and containment. Concept needs further development. This could be primary (e.g. leading to infoleak) or resultant (e.g. resulting from unhandled error conditions or early termination).

+ Functional Areas
  • File processing
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERIncomplete Cleanup
OWASP Top Ten 2004A10CWE More SpecificInsecure Configuration Management
CERT Java Secure CodingFIO04-JRelease resources when they are no longer needed
CERT Java Secure CodingFIO00-JDo not operate on files in shared directories
Software Fault PatternsSFP14Failure to release resource
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01Sean EidemillerCigitalExternal
added/updated demonstrative examples
2008-07-01Eric DalciCigitalExternal
updated Time_of_Introduction
2008-09-08CWE Content TeamMITREInternal
updated Relationships, Other_Notes, Taxonomy_Mappings
2009-05-27CWE Content TeamMITREInternal
updated Relationship_Notes, Relationships
2011-06-01CWE Content TeamMITREInternal
updated Common_Consequences, Relationships, Taxonomy_Mappings
2012-05-11CWE Content TeamMITREInternal
updated Relationships, Taxonomy_Mappings
2012-10-30CWE Content TeamMITREInternal
updated Potential_Mitigations
2014-06-23CWE Content TeamMITREInternal
updated Common_Consequences, Other_Notes, Relationship_Notes
2014-07-30CWE Content TeamMITREInternal
updated Relationships, Taxonomy_Mappings

More information is available — Please select a different filter.
Page Last Updated: January 18, 2017