VIEW SLICE: CWE-2000: Comprehensive CWE Dictionary
(Draft 9)
View ID: 2000 (View), Status: Draft

| Field | Content |
|---|---|
| Objective | This view (slice) covers all the elements in CWE. |
| View Data | Filter used: `true()` |

CWEs in this view:

| Element type | In view | Total CWEs |
|---|---|---|
| Total | 695 | 695 |
| Views | 14 | 14 |
| Categories | 64 | 64 |
| Weaknesses | 605 | 605 |
| Compound Elements | 12 | 12 |
Weakness ID: 36 (Weakness Base), Status: Draft

| Field | Content |
|---|---|
| Description | The software, when constructing file or directory names from input, does not properly sanitize absolute path sequences such as "/path/here". |
| Potential Mitigations | See "Path Traversal" (CWE-22). |
| Source Taxonomies | PLOVER - Absolute Path Traversal |
| Applicable Platforms | All |
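To make the description concrete, the following is an added Python example (not code from CWE or from any product) showing the absolute-path failure and the canonicalize-then-contain check that CWE-22 calls for. `BASE_DIR` and the sample request paths are constructed for the example.

```python
import posixpath

# Constructed base directory: the only tree the application may serve from.
BASE_DIR = "/srv/app/uploads"


def resolve_unsafe(user_path):
    """CWE-36 pattern: build the name by joining and normalizing, with no
    check that the result stayed under BASE_DIR. posixpath.join() discards
    BASE_DIR entirely when user_path is absolute, so "/etc/passwd" wins."""
    return posixpath.normpath(posixpath.join(BASE_DIR, user_path))


def resolve_safe(user_path):
    """Hardened form: normalize, then require the result to be BASE_DIR
    itself or something below it. Returns None when the request must be
    rejected. commonpath() compares whole path components, so a sibling such
    as /srv/app/uploads_evil is rejected where a startswith() test would
    pass it. On a live filesystem apply os.path.realpath() as well, so a
    symlink inside the tree cannot point the canonical path back out."""
    candidate = posixpath.normpath(posixpath.join(BASE_DIR, user_path))
    if posixpath.commonpath([BASE_DIR, candidate]) != BASE_DIR:
        return None
    return candidate
```

`posixpath` is used instead of `os.path` so the behaviour is the same on every platform; the containment test is the same idea with `os.path` on a POSIX host.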
Weakness ID: 349 (Weakness Base), Status: Draft

| Field | Content |
|---|---|
| Description | The software, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted. |
| Source Taxonomies | PLOVER - Untrusted Data Appended with Trusted Data |
| Applicable Platforms | All |

Observed Examples:

| Reference | Description |
|---|---|
| CVE-2002-0018 | Does not verify that the trusted entity is authoritative for all entities in its response. |

Related Attack Patterns:

| CAPEC-ID | Attack Pattern Name |
|---|---|
| 75 | Manipulating Writeable Configuration Files |
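The observed example above (a responder that is not authoritative for everything in its response) is, in DNS terms, a missing bailiwick check: a resolver caches the "additional" records it was handed whether or not the responding server is authoritative for them. The following Python is an added example, not code from CWE or from any resolver; the zone, the record set and the tuple format are constructed for it.

```python
# Constructed sample: a resolver asked about www.example.com receives the
# answer plus "additional" records. The responding server is authoritative
# only for example.com, so any record outside that zone is untrusted data
# riding along with trusted data (CWE-349) and must not be cached.
SAMPLE_RESPONSE = {
    "zone": "example.com",
    "records": [
        ("www.example.com", "A", "192.0.2.10"),
        ("ns1.example.com", "A", "192.0.2.53"),
        ("www.bank.example", "A", "198.51.100.66"),    # out of bailiwick
        ("example.com.evil.test", "A", "203.0.113.9"),  # suffix look-alike
    ],
}


def in_bailiwick(name, zone):
    """True if `name` is `zone` itself or a subdomain of it. The comparison
    is done on label lists, not substrings, so "example.com.evil.test" and
    "notexample.com" do not match "example.com"."""
    n = name.lower().rstrip(".").split(".")
    z = zone.lower().rstrip(".").split(".")
    return len(n) >= len(z) and n[-len(z):] == z


def filter_response(response):
    """Split a response into records the responder is authoritative for
    (safe to cache) and records that must be discarded."""
    zone = response["zone"]
    accepted = [r for r in response["records"] if in_bailiwick(r[0], zone)]
    rejected = [r for r in response["records"] if not in_bailiwick(r[0], zone)]
    return accepted, rejected
```

The same shape of check applies outside DNS: whenever one authority vouches for a bundle, each element of the bundle has to be tested against the scope that authority actually has.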
Weakness ID: 639 (Weakness Variant), Status: Incomplete

| Field | Content |
|---|---|
| Description | The system's access control functionality does not prevent one user from gaining access to another user's records by modifying the key value identifying the record. Retrieval of a user record is based on some key value that is under user control. The key typically identifies a user-related record stored in the system and is used to look up that record for presentation to the user. The attacker would most likely have to be an authenticated user of the system; however, the authorization process does not check that the authenticated user performing the data access has sufficient entitlements to the requested record, so any other authorization checks present in the system are bypassed. One manifestation of this weakness is a system that uses sequential or otherwise easily guessable session ids, allowing one user to switch to another user's session and view or modify their data. |
| Likelihood of Exploit | High |
| Common Consequences | Access control checks for specific user data or functionality can be bypassed. Horizontal privilege escalation is possible (one user can view or modify another user's information). Vertical privilege escalation is possible if the user-controlled key is actually an admin flag, allowing administrative access to be gained. |
| Enabling Factors for Exploitation | The key used internally to identify the user record can be externally controlled. For example, attackers can look at places where user-specific data is retrieved (e.g. search screens) and determine whether the key for the item being looked up is controllable externally. The key may be a hidden field in an HTML form, a URL parameter, or an unencrypted cookie value; in each of these cases it is possible to tamper with the key value. |
| Applicable Platforms | All |
| Time of Introduction | Architecture and Design |

Potential Mitigations:

- Make sure that the key used to look up a specific user's record is not controllable externally by the user, or that any tampering can be detected.
- Use encryption to make it harder to guess other legitimate values of the key, or associate a digital signature with the key so that the server can verify that it has not been tampered with.
- Ensure that access control mechanisms cannot be bypassed: on each and every data access, check that the user has sufficient privilege, given their authenticated identity, to access the record being requested.
Weakness ID: 566 (Weakness Variant), Status: Incomplete

| Field | Content |
|---|---|
| Description | Without proper access control, executing a SQL statement that contains a user-controlled primary key can allow an attacker to view unauthorized records. |
| Context Notes | Database access control errors occur when: 1. Data enters a program from an untrusted source. 2. The data is used to specify the value of a primary key in a SQL query. |
| Source Taxonomies | Anonymous Tool Vendor (under NDA) |

Demonstrative Example: The following code uses a parameterized statement, which escapes metacharacters and prevents SQL injection vulnerabilities, to construct and execute a SQL query that searches for an invoice matching the specified identifier [1]. The identifier is selected from a list of all invoices associated with the current authenticated user.

```csharp
...
conn = new SqlConnection(_ConnectionString);
conn.Open();
// The invoice id comes straight from a form field the user controls.
short id = System.Convert.ToInt16(invoiceID.Text);
SqlCommand query = new SqlCommand("SELECT * FROM invoices WHERE id = @id", conn);
query.Parameters.AddWithValue("@id", id);
// Parameterization stops SQL injection, but nothing ties the invoice to the
// current user: whatever id arrives is looked up and returned.
SqlDataReader objReader = query.ExecuteReader();
...
```

The problem is that the developer has failed to consider all of the possible values of id. Although the interface generates a list of invoice identifiers that belong to the current user, an attacker can bypass this interface to request any desired invoice. Because the code in this example does not check that the user has permission to access the requested invoice, it will display any invoice, even one that does not belong to the current user.
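The invoice example above and the CWE-639 entry before it describe the same failure from two sides. This added Python example (not code from CWE or from the cited tool vendor) shows both lookups against an in-memory SQLite table, plus the signed-key mitigation CWE-639 suggests; the table, the users, the invoices and `SERVER_KEY` are constructed for the example.

```python
import hashlib
import hmac
import sqlite3


def build_db():
    """Constructed sample data: two users, each owning one invoice."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE invoices (id INTEGER PRIMARY KEY, owner_id INTEGER, amount INTEGER);
        INSERT INTO invoices VALUES (1001, 1, 250);
        INSERT INTO invoices VALUES (1002, 2, 9900);
    """)
    return db


def get_invoice_unsafe(db, current_user_id, invoice_id):
    """CWE-566 / CWE-639: the query is parameterized, so there is no SQL
    injection, but the only predicate is the user-supplied key. User 1
    asking for 1002 gets user 2's invoice."""
    return db.execute(
        "SELECT id, owner_id, amount FROM invoices WHERE id = ?",
        (invoice_id,)).fetchone()


def get_invoice_safe(db, current_user_id, invoice_id):
    """Hardened: the authenticated principal is part of the predicate on
    every data access, so a guessed or tampered id matches nothing."""
    return db.execute(
        "SELECT id, owner_id, amount FROM invoices WHERE id = ? AND owner_id = ?",
        (invoice_id, current_user_id)).fetchone()


# Second CWE-639 mitigation: sign the key so tampering is detectable.
# SERVER_KEY is a constructed placeholder for a secret held only server-side.
SERVER_KEY = b"constructed-demo-key-do-not-reuse"


def sign_key(invoice_id):
    """Token the server hands to the client in place of the bare id."""
    tag = hmac.new(SERVER_KEY, str(invoice_id).encode(), hashlib.sha256).hexdigest()[:32]
    return f"{invoice_id}.{tag}"


def verify_key(token):
    """Returns the invoice id if the signature is intact, else None. A valid
    signature proves the server issued this token, not that this caller may
    read the record, so get_invoice_safe() is still required afterwards."""
    raw, sep, _tag = token.partition(".")
    if not sep or not raw.isdigit():
        return None
    if not hmac.compare_digest(sign_key(int(raw)), token):
        return None
    return int(raw)
```

The ownership predicate is the control that matters; the signed token only narrows the attack from "any id" to "ids the server has handed out", which is why CWE-639 lists both.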
Weakness ID: 284 (Weakness Class), Status: Incomplete

| Field | Content |
|---|---|
| Description | Improper administration of the permissions to the users of a system can result in unintended access to sensitive files. An access control list (ACL) represents who/what has permissions to a given object. Different operating systems implement ACLs in different ways. In UNIX, there are three types of permissions: read, write, and execute. Users are divided into three classes for file access: owner, group owner, and all other users, where each class has a separate set of rights. In Windows NT, there are four basic types of permissions for files: "No access", "Read access", "Change access", and "Full control". Windows NT extends the UNIX concept of three classes of users to a list of users and groups along with their associated permissions. A user can create an object (file) and assign specified permissions to that object. |
| Affected Resource | File/Directory |
| Potential Mitigations | Very carefully manage the setting, management and handling of privileges. Explicitly manage trust zones in the software. Design: Ensure that appropriate compartmentalization is built into the system design and that the compartmentalization serves to allow for and further reinforce privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide when it is appropriate to use and to drop system privileges. |
| Context Notes | This item needs more work. Possible sub-categories include: trusted group includes undesired entities; group can perform undesired actions; ACL parse error does not fail closed. |
| Source Taxonomies | PLOVER - Access Control List (ACL) errors |

Related Attack Patterns:

| CAPEC-ID | Attack Pattern Name |
|---|---|
| 19 | Embedding Scripts within Scripts |
Weakness ID: 464 (Weakness Base), Status: Incomplete

| Field | Content |
|---|---|
| Description | The accidental addition of a data-structure sentinel can cause serious programming logic problems. |
| Likelihood of Exploit | High to Very High |
| Common Consequences | Availability: Generally this error will cause the data structure to not work properly by truncating the data. |
| Potential Mitigations | Pre-design: Use a language or compiler that performs automatic bounds checking. Design: Use an abstraction library to abstract away risky APIs; not a complete solution. Pre-design through Build: Compiler-based canary mechanisms such as StackGuard, ProPolice, and the Microsoft Visual Studio /GS flag; unless this provides automatic bounds checking, it is not a complete solution. Operational: Use OS-level preventative functionality; not a complete solution. |
| Context Notes | Data-structure sentinels are often used to mark the structure of a data structure. A common example is the null character at the end of strings. Another common example is linked lists, which may contain a sentinel to mark the end of the list. It is, of course, dangerous to allow this type of control data to be easily accessible. Therefore, it is important to protect it from addition or modification outside of some wrapper interface that provides safety. By adding a sentinel, one could cause data to be truncated early. |
| Source Taxonomies | CLASP - Addition of data-structure sentinel |
| Applicable Platforms | C, C++ |

Demonstrative Example (C/C++): the zero written at foo[2] is a string terminator as far as every string routine is concerned, so the byte-wise print shows all four bytes while the string print stops after "aa".

```c
#include <stdio.h>
#include <stdlib.h>

int main(void) {
    char *foo;
    foo = malloc(sizeof(char) * 4);
    if (foo == NULL)
        return 1;
    foo[0] = 'a';
    foo[1] = 'a';
    foo[2] = 0;     /* a NUL sentinel written into the middle of the data */
    foo[3] = 'c';
    /* character by character, all four bytes are still there */
    printf("%c %c %c %c\n", foo[0], foo[1], foo[2], foo[3]);
    /* but any string routine stops at the sentinel and sees only "aa" */
    printf("%s\n", foo);
    free(foo);
    return 0;
}
```
Weakness ID: 407 (Weakness Base), Status: Incomplete

| Field | Content |
|---|---|
| Description | An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is reached. |
| Common Consequences | The typical consequence is CPU consumption, but memory consumption and consumption of other resources can also occur. |
| Context Notes | Similar issues can occur in cryptography. |
| Source Taxonomies | PLOVER - Algorithmic Complexity |
| Applicable Platforms | All |

Observed Examples:

| Reference | Description |
|---|---|
| CVE-2003-0244 | CPU consumption via inputs that cause many hash table collisions. |
| CVE-2003-0364 | CPU consumption via inputs that cause many hash table collisions. |
| CVE-2002-1203 | Product performs unnecessary processing before dropping an invalid packet. |
| CVE-2001-1501 | CPU and memory consumption using many wildcards. |
| CVE-2004-2527 | Product allows attackers to cause multiple copies of a program to be loaded more quickly than the program can detect that other copies are running, then exit. This type of error should probably have its own category, where teardown takes more time than initialization. |
| CVE-2006-6931 | |
| CVE-2006-3380 | |
| CVE-2006-3379 | |
| CVE-2005-2506 | |
| CVE-2005-1792 | Memory leak by performing actions faster than the software can clear them. |
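Hash-table collision flooding (the first two observed examples) is the canonical instance of this weakness. The following Python is an added example, not code from CWE or from any of the cited products: it builds a small chained hash table twice, once over a predictable multiplicative hash and once over a keyed hash, and measures the worst-case lookup cost after an attacker-chosen key set is inserted. The "Aa"/"BB" collision pair, the table size and the secret key are constructed for the example.

```python
import hashlib
import hmac
import itertools
import os


def weak_hash(s):
    """Unkeyed multiplicative string hash (the h = 31*h + c recurrence used
    by Java's String.hashCode). Every input's bucket is predictable offline."""
    h = 0
    for ch in s:
        h = (31 * h + ord(ch)) & 0xFFFFFFFF
    return h


# Per-process random key, unknown to the attacker (assumption: generated at
# start-up and never exposed).
SECRET = os.urandom(16)


def keyed_hash(s):
    """Keyed hash: bucket indices depend on SECRET, so collisions cannot be
    precomputed. HMAC-SHA256 is heavier than a hash table needs; SipHash is
    the usual production choice, the principle is the same."""
    digest = hmac.new(SECRET, s.encode(), hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big")


class ChainedTable:
    """Minimal separate-chaining hash table that counts key comparisons."""

    def __init__(self, hash_fn, nbuckets=4096):
        self.hash_fn = hash_fn
        self.buckets = [[] for _ in range(nbuckets)]

    def insert(self, key, value):
        self.buckets[self.hash_fn(key) % len(self.buckets)].append((key, value))

    def lookup(self, key):
        """Returns (value or None, number of key comparisons performed)."""
        chain = self.buckets[self.hash_fn(key) % len(self.buckets)]
        for n, (k, v) in enumerate(chain, 1):
            if k == key:
                return v, n
        return None, len(chain)


def colliding_keys(n_blocks=10):
    """"Aa" and "BB" hash identically under 31*h + c (both give 2112), so any
    concatenation of n_blocks such blocks shares one hash value: 2**n_blocks
    keys that all land in the same bucket of a weak_hash table."""
    return ["".join(p) for p in itertools.product(("Aa", "BB"), repeat=n_blocks)]


def worst_case_lookup(hash_fn, keys):
    """Comparisons needed for the most expensive lookup among `keys`. The
    attacker pays n inserts; the victim then pays O(n) on every lookup."""
    table = ChainedTable(hash_fn)
    for k in keys:
        table.insert(k, True)
    return max(table.lookup(k)[1] for k in keys)
```

With 1024 crafted keys the weak table degrades to a linked list (1024 comparisons per lookup); under the keyed hash the same keys spread over the buckets and a lookup costs a handful of comparisons. Randomizing the hash per process is exactly the fix the affected languages adopted.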
Weakness ID: 87 (Weakness Variant), Status: Draft

| Field | Content |
|---|---|
| Description | The software fails to adequately filter user-controlled input for alternate script syntax. |
| Potential Mitigations | Resolve all filtered input to absolute or canonical representations before processing. Carefully check each input parameter against a rigorous positive specification (white list) defining the specific characters and format allowed. All input should be sanitized, not just parameters that the user is supposed to specify, but all data in the request, including tag attributes, hidden fields, cookies, headers, the URL itself, and so forth. A common mistake that leads to continuing XSS vulnerabilities is to validate only fields that are expected to be redisplayed by the site. We often encounter data from the request that is reflected by the application server or the application that the development team did not anticipate. Also, a field that is not currently reflected may be used by a future developer. Therefore, validating ALL parts of the HTTP request is recommended. This involves "HTML Entity Encoding" all non-alphanumeric characters in data that was received from the user and is now being written to the response. With Struts, you should write all data from form beans with the bean's filter attribute set to true. Additionally, to help mitigate XSS attacks against the user's session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as Internet Explorer), this attribute prevents the user's session cookie from being accessed by client-side scripts, including scripts inserted due to an XSS attack. |
| Source Taxonomies | PLOVER - Alternate XSS syntax |
| Applicable Platforms | All |
Weakness ID: 670 (Weakness Class), Status: Draft

| Field | Content |
|---|---|
| Description | The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated. |
| Extended Description | This weakness captures cases in which a particular code segment is always incorrect with respect to the algorithm it is implementing. For example, if a C programmer intends to include multiple statements in a single block but does not include the enclosing braces (CWE-483), then the logic is always incorrect. This is in contrast to most weaknesses, in which the code usually behaves correctly except when it is externally manipulated in malicious ways. |
| Context Notes | This issue typically appears in rarely-tested code, since the "always-incorrect" nature will be detected as a bug during normal usage. This node could possibly be split into lower-level nodes. "Early Return" is for returning control to the caller too soon (e.g., CWE-584). "Excess Return" is when control is returned too far up the call stack (CWE-600, CWE-395). "Improper control limitation" occurs when the product maintains control at a lower level of execution when control should be returned further up the call stack (CWE-455). "Incorrect syntax" covers code that is "just plain wrong", such as CWE-484 and CWE-483. |
Weakness ID: 71 (Weakness Variant), Status: Incomplete

| Field | Content |
|---|---|
| Description | Software operating in a Mac OS environment where .DS_Store is in effect must carefully manage hard links; otherwise an attacker may be able to leverage a hard link from .DS_Store to overwrite arbitrary files and gain privileges. |
| Research Gaps | Under-studied |
| Source Taxonomies | PLOVER - DS - Apple '.DS_Store |
| Applicable Platforms | All |

Observed Examples:

| Reference | Description |
|---|---|
| BUGTRAQ:20010910 | More security problems in Apache on Mac OS X |
| CVE-2005-0342 | The Finder in Mac OS X and earlier allows local users to overwrite arbitrary files and gain privileges by creating a hard link from the .DS_Store file to an arbitrary file. |
Weakness ID: 72 (Weakness Variant), Status: Incomplete

| Field | Content |
|---|---|
| Description | The Apple HFS+ file system permits files to have multiple data input streams. If an attacker can create or access a data input stream directly or indirectly (e.g. through Apache), then he or she may be able to access the file data or resource fork. |
| Context Notes | Fault: multiple identifiers, non-atomic object |
| Research Gaps | Under-studied |
| Source Taxonomies | PLOVER - Apple HFS+ alternate data stream |
| Applicable Platforms | All |
Weakness ID: 88 (Weakness Base), Status: Draft

| Field | Content |
|---|---|
| Description | The software does not sufficiently delimit the arguments being passed to a component in another control sphere, allowing alternate arguments to be provided, leading to potentially security-relevant changes. |
| Weakness Ordinality | Primary (Weakness exists independent of other weaknesses) |
| Causal Nature | Explicit (This is an explicit weakness resulting from behavior of the developer) |
| Affected Resource | System Process |
| Potential Mitigations | Avoid using user-controlled input in command arguments. Assume all input is malicious. Use an appropriate combination of black lists and white lists to ensure only valid and expected input is processed by the system. |
| Context Notes | At one layer of abstraction, this can overlap other weaknesses that have whitespace problems, e.g. injection of javascript into attributes of HTML tags. Fault: unquoted special characters, input restriction error, unquoted special terms, whitespace. |
| Source Taxonomies | PLOVER - Argument Injection or Modification |
| Applicable Platforms | All |

Observed Examples:

| Reference | Description |
|---|---|
| CVE-1999-0113 | Canonical example. |
| CVE-2001-0150 | |
| CVE-2001-0667 | |
| CVE-2002-0985 | |
| CVE-2003-0907 | |
| CVE-2004-0121 | |
| CVE-2004-0473 | |
| CVE-2004-0480 | |
| CVE-2004-0489 | |
| CVE-2004-0411 | |
| CVE-2005-4699 | Argument injection vulnerability in TellMe 1.2 and earlier allows remote attackers to modify command line arguments for the Whois program and obtain sensitive information via "--" style options in the q_Host parameter. |
| CVE-2006-1865 | Beagle before 0.2.5 can produce certain insecure command lines to launch external helper applications while indexing, which allows attackers to execute arbitrary commands. NOTE: it is not immediately clear whether this issue involves argument injection, shell metacharacters, or other issues. |
| CVE-2006-2056 | Argument injection vulnerability in Internet Explorer 6 for Windows XP SP2 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API. |
| CVE-2006-2057 | Argument injection vulnerability in Mozilla Firefox 1.0.6 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API. |
| CVE-2006-2058 | Argument injection vulnerability in Avant Browser 10.1 Build 17 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API. |
| CVE-2006-2312 | Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches. |
| CVE-2006-3015 | Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI. |
| CVE-2006-4692 | Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability." |
| CVE-2006-6597 | Argument injection vulnerability in HyperAccess 8.4 allows user-assisted remote attackers to execute arbitrary vbscript and commands via the /r option in a telnet:// URI, which is configured to use hawin32.exe. |
| CVE-2007-0882 | Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account. |

Related Attack Patterns:

| CAPEC-ID | Attack Pattern Name |
|---|---|
| 88 | OS Command Injection |
| 41 | Using Meta-characters in E-mail Headers to Inject Malicious Payloads |
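The mitigation above (keep user input out of positions where the called program reads options, and validate it against a positive specification) is shown in this added Python example, which is not code from CWE or from any whois client. `tool_parse()` is a constructed stand-in for the external program's getopt-style option parser so the example runs offline; the real whois is never executed, and the hostname pattern is an assumption made for the example. Passing an argv list (no shell) is what keeps shell metacharacters out, but by itself it does nothing against argument injection, which is the point of the `--` separator.

```python
import argparse
import re

# Positive specification for the one value the user may supply: a hostname.
# Nothing that starts with "-" can match, so option look-alikes are rejected.
HOSTNAME = re.compile(
    r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$")


def build_argv_unsafe(user_host):
    """CWE-88: the user value is placed where the program reads options,
    so "--host=attacker.example" is consumed as an option, not as a query."""
    return ["whois", user_host]


def build_argv_safe(user_host):
    """Validate against the positive specification, then end option parsing
    with "--" so the value can only ever be an operand. Either measure alone
    closes this case; together they also cover programs whose parsers do
    not honour "--"."""
    if not HOSTNAME.match(user_host):
        raise ValueError("not a hostname: %r" % (user_host,))
    return ["whois", "--", user_host]


def tool_parse(argv):
    """Stand-in for the external program's option parsing (constructed for
    this example). Returns (value of the server option, list of operands)."""
    parser = argparse.ArgumentParser(prog=argv[0], add_help=False)
    parser.add_argument("--host", dest="server")
    parser.add_argument("operands", nargs="*")
    ns = parser.parse_args(argv[1:])
    return ns.server, ns.operands
```

When the argv list is eventually handed to `subprocess.run()` it goes with `shell=False`; that is orthogonal to the option/operand question the example is about.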
Weakness ID: 582 (Weakness Variant), Status: Draft

| Field | Content |
|---|---|
| Description | The program declares an array public, final, and static, which is not sufficient to prevent the array's contents from being modified. |
| Extended Description | Because arrays are mutable objects, the final constraint requires that the array object itself be assigned only once, but makes no guarantees about the values of the array elements. Since the array is public, a malicious program can change the values stored in the array. |
| Weakness Ordinality | Primary (Weakness exists independent of other weaknesses) |
| Potential Mitigations | In most situations the array should be made private. |
| Context Notes | In most cases an array declared public, final and static is a bug. |
| Applicable Platforms | Java |

Demonstrative Example: The following Java Applet code mistakenly declares an array public, final and static.

```java
import java.applet.Applet;
import java.net.URL;

public final class urlTool extends Applet {
    // "final" only fixes the reference. Any code loaded into the same JVM can
    // still do urlTool.urls[0] = someOtherUrl; and redirect whatever uses it.
    public final static URL[] urls = new URL[4];
    // ...
}
```

Mobile code, in this case a Java Applet, is code that is transmitted across a network and executed on a remote machine. Because mobile code developers have little if any control over the environment in which their code will execute, special security concerns become relevant. One of the biggest environmental threats results from the risk that the mobile code will run side by side with other, potentially malicious, mobile code. Because all of the popular web browsers execute code from multiple sources together in the same JVM, many of the security guidelines for mobile code are focused on preventing manipulation of your objects' state and behavior by adversaries who have access to the same virtual machine where your program is running.
Category ID: 10 (Category), Status: Incomplete

| Field | Content |
|---|---|
| Description | ASP.NET framework/language related environment issues with security implications. |
Weakness ID: 11 (Weakness Variant), Status: Draft

| Field | Content |
|---|---|
| Description | Debugging messages help attackers learn about the system and plan a form of attack. |
| Potential Mitigations | Avoid releasing debug binaries into the production environment. |
| Context Notes | ASP.NET applications can be configured to produce debug binaries. These binaries give detailed debugging messages and should not be used in production environments. The debug attribute of the `<compilation>` tag defines whether compiled binaries should include debugging information. The use of debug binaries causes an application to provide as much information about itself as possible to the user. Debug binaries are meant to be used in a development or testing environment and can pose a security risk if they are deployed to production. Attackers can leverage the additional information they gain from debugging output to mount attacks targeted on the framework, database, or other resources used by the application. |
| Source Taxonomies | 7 Pernicious Kingdoms - ASP.NET Misconfiguration: Creating Debug Binary |
| Applicable Platforms | .NET |
Weakness ID: 12 (Weakness Variant), Status: Draft

| Field | Content |
|---|---|
| Description | An ASP.NET application must enable custom error pages in order to prevent attackers from mining information from the framework's built-in responses. |
| Potential Mitigations | Handle exceptions appropriately in source code. Do not attempt to process an error or attempt to mask it. Verify that return values are correct and do not supply sensitive information about the system. |
| Context Notes | ASP.NET applications should be configured to use custom error pages instead of the framework default page. The default error page gives detailed information about the error that occurred, and should not be used in production environments. The mode attribute of the `<customErrors>` tag defines whether custom or default error pages are used. Attackers can leverage the additional information provided by a default error page to mount attacks targeted on the framework, database, or other resources used by the application. |
| References | M. Howard, D. LeBlanc and J. Viega. "19 Deadly Sins of Software Security". McGraw-Hill/Osborne. 2005. |
| Source Taxonomies | 7 Pernicious Kingdoms - ASP.NET Misconfiguration: Missing Custom Error Handling |
| Applicable Platforms | .NET |
Weakness ID: 554 (Weakness Class), Status: Draft

| Field | Content |
|---|---|
| Description | The ASP.NET application does not use an input validation framework. |
| Extended Description | Unchecked input is the leading cause of vulnerabilities in ASP.NET applications. Unchecked input leads to cross-site scripting, process control, and SQL injection vulnerabilities, among others. |
| Potential Mitigations | Use the ASP.NET validation framework to check all program input before it is processed by the application. Example uses of the validation framework include checking to ensure that: phone number fields contain only valid characters in phone numbers; Boolean values are only "T" or "F"; free-form strings are of a reasonable length and composition. |
| Context Notes | In certain versions of ASP.NET, there is an input validation error that allows a malicious user to input some ASCII characters in a special Unicode encoding in the range ff00 to ff60. When the response encoding is not Unicode, these characters are decoded to their ASCII values, and in this way can be used to launch cross-site scripting attacks. The relevant Unicode strings are %uff1c, which is decoded to <, and %uff1e, which is decoded to >. |
| Source Taxonomies | Anonymous Tool Vendor (under NDA) |
| Applicable Platforms | .NET |
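The CWE-87 mitigation earlier on this page (resolve input to a canonical representation, then check it against a positive specification) and the %uff1c/%uff1e note here describe the same check from two directions: a filter that looks at the raw bytes is defeated by any alternate encoding of the same character. The following Python is an added example, not CWE or ASP.NET code; the display-name allowlist, the %uXXXX decoder and the sample inputs are constructed for it.

```python
import html
import re
import unicodedata
import urllib.parse

BLOCKLIST = ("<", ">", "javascript:")


def naive_filter(raw):
    """Rejects only the literal characters. Any alternate syntax for the same
    characters sails through, which is exactly CWE-87."""
    return not any(bad in raw.lower() for bad in BLOCKLIST)


def _decode_percent_u(s):
    # %uXXXX is the non-standard encoding the ASP.NET note refers to;
    # urllib does not decode it, so it is handled here explicitly.
    return re.sub(r"%u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), s)


def canonicalize(raw):
    """Reduce every alternate syntax this example knows about to one plain
    form before anything is checked: %uXXXX, percent-encoding, HTML entities
    and Unicode compatibility forms (NFKC maps fullwidth U+FF1C / U+FF1E to
    "<" / ">"). Decoding repeats until nothing changes, so double encoding
    such as %253C is undone as well."""
    current = raw
    while True:
        decoded = _decode_percent_u(current)
        decoded = urllib.parse.unquote(decoded)
        decoded = html.unescape(decoded)
        decoded = unicodedata.normalize("NFKC", decoded)
        if decoded == current:
            return decoded
        current = decoded


# Positive specification for a display-name field: what is allowed, not what
# is forbidden. Constructed for this example.
DISPLAY_NAME = re.compile(r"[A-Za-z0-9 ._-]{1,64}")


def is_allowed(raw):
    """Canonicalize first, then match the whole value against the allowlist."""
    return DISPLAY_NAME.fullmatch(canonicalize(raw)) is not None


def encode_for_html(value):
    """Output side: entity-encode before writing user data into the response,
    regardless of what input validation decided."""
    return html.escape(value, quote=True)
```

The three inputs below are all the string `<script>` in different clothing: the naive filter accepts the first, the canonicalizing allowlist rejects all of them, and the output encoder renders whatever does get stored as inert text.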
Weakness ID: 13 (Weakness Variant), Status: Draft

| Field | Content |
|---|---|
| Description | Storing a plaintext password in a configuration file allows anyone who can read the file access to the password-protected resource, making it an easy target for attackers. |
| Potential Mitigations | Good password management guidelines require that a password never be stored in plaintext. |
| Source Taxonomies | 7 Pernicious Kingdoms - ASP.NET Misconfiguration: Password in Configuration File |
Weakness ID: 556 (Weakness Variant), Status: Incomplete

| Field | Content |
|---|---|
| Description | Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges. The use of impersonated credentials allows an ASP.NET application to run either with the privileges of the client on whose behalf it is executing or with arbitrary privileges granted in its configuration. |
| Source Taxonomies | Anonymous Tool Vendor (under NDA) |
Weakness ID: 481 (Weakness Variant), Status: Draft

| Field | Content |
|---|---|
| Description | The code uses an operator for assignment when the intention was to perform a comparison. |
| Extended Description | In many languages the comparison statement is very close in appearance to the assignment statement, and the two are often confused. |
| Likelihood of Exploit | Low |
| Potential Mitigations | Pre-design through Build: Many IDEs and static analysis products will detect this problem. Implementation: Place constants on the left. If one then mistakenly writes an assignment (1 = foo), the compiler will produce an error. |
| Context Notes | This bug is generally the result of a typo and usually causes obvious problems with program execution. If the mistaken assignment is the condition of an if statement, the condition evaluates to the assigned right-hand-side value rather than to the result of the intended comparison. |
| Source Taxonomies | CLASP - Assigning instead of comparing |
| Applicable Platforms | C, C++, Java, .NET |

Demonstrative Example:

```c
#include <stdio.h>

void called(int foo) {
    /* Intended: if (foo == 1). As written, foo is assigned 1 and the
     * condition tests that value, so the branch is always taken. */
    if (foo = 1)
        printf("foo\n");
}

int main(void) {
    called(2);   /* prints "foo" although 2 != 1 */
    return 0;
}
```
Weakness ID: 587 (Weakness Base), Status: Draft

| Field | Content |
|---|---|
| Description | The software sets a pointer to a specific address other than NULL or 0. |
| Extended Description | If the pointer is set to a specific address, that address will probably not be valid in all environments or platforms. |
| Weakness Ordinality | Primary (Weakness exists independent of other weaknesses) |
| Potential Mitigations | Implementation: Never set a pointer to a fixed address. |
| Context Notes | Consequence: Integrity: If one executes code at a known location, one might be able to inject code there beforehand. Consequence: Confidentiality: The data at a known pointer location can be easily read. Most often, this issue will only result in a crash, but in circumstances where a user can influence the data the pointer points to, it may result in code execution. At best, using fixed addresses is not portable. |
| Applicable Platforms | C, C++, C#, Assembly |

Demonstrative Example (C):

```c
#include <stdio.h>

int main(void) {
    /* Deliberately wrong: a function pointer is set to a hard-coded address
     * instead of to a function. Nothing guarantees what is mapped there. */
    int (*pt2Function)(float, char, char) = (int (*)(float, char, char))0x08040000;
    /* Whatever bytes live at that address are executed; an attacker who can
     * place data there beforehand controls what runs. */
    int result2 = (*pt2Function)(12, 'a', 'b');
    printf("%d\n", result2);
    return 0;
}
```
Weakness ID: 405 (Weakness Class), Status: Incomplete

| Field | Content |
|---|---|
| Description | Software that fails to appropriately monitor or control resource consumption can lead to adverse system performance. This situation is amplified if the software allows malicious users or attackers to consume more resources than their access level permits. Exploiting such a weakness can lead to asymmetric resource consumption, aiding in amplification attacks against the system or the network. |
| Functional Area | Non-specific |
| Potential Mitigations | An application must make resources available to a client commensurate with the client's access level. An application must, at all times, keep track of allocated resources and meter their usage appropriately. |
| Context Notes | There are probably several sub-types besides these. Sometimes this is a factor in "flood" attacks, but other types of amplification exist. |
| Source Taxonomies | PLOVER - Asymmetric resource consumption (amplification) |
| Applicable Platforms | All |
Weakness ID: 588 (Weakness Variant), Status: Incomplete

| Field | Content |
|---|---|
| Description | Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption. |
| Potential Mitigations | Requirements specification: The choice could be made to use a language that is not susceptible to these issues. Implementation: Review of type casting operations can identify locations where incompatible types are cast. |
| Context Notes | Consequence: Data Corruption: Adjacent variables in memory may be corrupted by assignments performed on fields after the cast. Consequence: Availability: Execution may end due to a memory access error. |

Demonstrative Example (C):

```c
int main(int argc, char **argv) {
    /* The address of main() (code, not data) is cast to a struct pointer and
     * written through. On a platform with a read-only text segment this is a
     * memory access error; where the page is writable it corrupts whatever
     * lives there. */
    struct foo { int i; } *foo = (struct foo *)main;
    foo->i = 2;
    return foo->i;
}
```
Weakness ID: 593 (Weakness Variant), Status: Draft

| Field | Content |
|---|---|
| Description | The software modifies the SSL context after connection creation has begun. |
| Common Consequences | Authentication: no authentication takes place in this process, bypassing an assumed protection of encryption. Confidentiality: the encrypted communication between a user and a trusted host may be subject to a "man in the middle" sniffing attack. |
| Potential Mitigations | Design: Use a language which provides a cryptography framework at a higher level of abstraction. Implementation: Most SSL_CTX functions have SSL counterparts that act on SSL-type objects. |
| Context Notes | Applications should set up an SSL_CTX completely before creating SSL objects from it. If one modifies the SSL_CTX object after creating objects from it, older SSL objects created from that context could all be affected by that change. |

Demonstrative Example (C): `init_OpenSSL()`, `seed_prng()` and `int_error()` are helpers assumed by the original example (`int_error()` reports the message and exits); `new_passwd_cb` stands in for the new default password callback the original only described in a comment.

```c
#include <openssl/ssl.h>
#include <openssl/err.h>

#define CERT  "secret.pem"
#define CERT2 "secret2.pem"

int main(void) {
    SSL_CTX *ctx;
    SSL *ssl, *ssl2;

    init_OpenSSL();
    seed_prng();

    ctx = SSL_CTX_new(SSLv23_method());
    if (SSL_CTX_use_certificate_chain_file(ctx, CERT) != 1)
        int_error("Error loading certificate from file");
    if (SSL_CTX_use_PrivateKey_file(ctx, CERT, SSL_FILETYPE_PEM) != 1)
        int_error("Error loading private key from file");

    if (!(ssl = SSL_new(ctx)))
        int_error("Error creating an SSL object");

    /* CWE-593: the context is modified after an SSL object has already been
     * created from it. SSL_CTX_set_default_passwd_cb() returns void, so there
     * is no status to check; the problem is the ordering, not the call. */
    SSL_CTX_set_default_passwd_cb(ctx, new_passwd_cb);

    if (!(ssl2 = SSL_new(ctx)))
        int_error("Error creating an SSL object");

    SSL_free(ssl2);
    SSL_free(ssl);
    SSL_CTX_free(ctx);
    return 0;
}
```

Related Attack Patterns:

| CAPEC-ID | Attack Pattern Name |
|---|---|
| 94 | Man in the Middle Attack |