The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
N/A
Threat Mapped score: 0.0
Industry: Finiancial
Threat priority: Unclassified
CVE: CVE-2001-1555
Terminal privileges are not reset when a user logs out.
CVE: CVE-2001-1514
Does not properly pass security context to child processes in certain cases, allows privilege escalation.
CVE: CVE-2001-0128
Does not properly compute roles.
CVE: CVE-1999-1193
untrusted user placed in unix "wheel" group
CVE: CVE-2005-2741
Product allows users to grant themselves certain rights that can be used to escalate privileges.
CVE: CVE-2005-2496
Product uses group ID of a user instead of the group, causing it to run with different privileges. This is resultant from some other unknown issue.
CVE: CVE-2004-0274
Product mistakenly assigns a particular status to an entity, leading to increased privileges.
CVE: CVE-2007-4217
FTP client program on a certain OS runs with setuid privileges and has a buffer overflow. Most clients do not need extra privileges, so an overflow is not a vulnerability for those clients.
CVE: CVE-2007-5159
OS incorrectly installs a program with setuid privileges, allowing users to gain privileges.
CVE: CVE-2008-4638
Composite: application running with high privileges (CWE-250) allows user to specify a restricted file to process, which generates a parsing error that leaks the contents of the file (CWE-209).
CVE: CVE-2007-3931
Installation script installs some programs as setuid when they shouldn't be.
CVE: CVE-2002-1981
Roles have access to dangerous procedures (Accessible entities).
CVE: CVE-2002-1671
Untrusted object/method gets access to clipboard (Accessible entities).
CVE: CVE-2000-0315
Traceroute program allows unprivileged users to modify source address of packet (Accessible entities).
CVE: CVE-2000-0506
User with capability can prevent setuid program from dropping privileges (Unsafe privileged actions).
| Phase | Note |
|---|---|
| Architecture and Design | N/A |
| Implementation | REALIZATION: This weakness is caused during implementation of an architectural security tactic. |
| Operation | N/A |
Intro: This code temporarily raises the program's privileges to allow creation of a new user folder.
Body: While the program only raises its privilege level to create the folder and immediately lowers it again, if the call to os.mkdir() throws an exception, the call to lowerPrivileges() will not occur. As a result, the program is indefinitely operating in a raised privilege state, possibly allowing further exploitation to occur.
def makeNewUserDir(username): if invalidUsername(username): #avoid CWE-22 and CWE-78 print('Usernames cannot contain invalid characters') return False try: raisePrivileges() os.mkdir('/home/' + username) lowerPrivileges() except OSError: print('Unable to create new user directory for user:' + username) return False return TrueIntro: The following example demonstrates the weakness.
seteuid(0); /* do some stuff */ seteuid(getuid());Intro: The following example demonstrates the weakness.
AccessController.doPrivileged(new PrivilegedAction() { public Object run() { // privileged code goes here, for example: System.loadLibrary("awt"); return null; // nothing to return }Intro: This code intends to allow only Administrators to print debug information about a system.
Body: While the intention was to only allow Administrators to print the debug information, the code as written only excludes those with the role of "GUEST". Someone with the role of "ADMIN" or "USER" will be allowed access, which goes against the original intent. An attacker may be able to use this debug information to craft an attack on the system.
public enum Roles { ADMIN,USER,GUEST } public void printDebugInfo(User requestingUser){ if(isAuthenticated(requestingUser)){ switch(requestingUser.role){ case GUEST: System.out.println("You are not authorized to perform this command"); break; default: System.out.println(currentDebugState()); break; } } else{ System.out.println("You must be logged in to perform this command"); } }Intro: This code allows someone with the role of "ADMIN" or "OPERATOR" to reset a user's password. The role of "OPERATOR" is intended to have less privileges than an "ADMIN", but still be able to help users with small issues such as forgotten passwords.
Body: This code does not check the role of the user whose password is being reset. It is possible for an Operator to gain Admin privileges by resetting the password of an Admin account and taking control of that account.
public enum Roles { ADMIN,OPERATOR,USER,GUEST } public void resetPassword(User requestingUser, User user, String password ){ if(isAuthenticated(requestingUser)){ switch(requestingUser.role){ case GUEST: System.out.println("You are not authorized to perform this command"); break; case USER: System.out.println("You are not authorized to perform this command"); break; default: setPassword(user,password); break; } } else{ System.out.println("You must be logged in to perform this command"); } }