CWE-276 缺省权限不正确

admin 2022年1月5日21:05:16CWE(弱点枚举)评论12 views4173字阅读13分54秒阅读模式

CWE-276 缺省权限不正确

Incorrect Default Permissions

结构: Simple

Abstraction: Base

状态: Draft

被利用可能性: Medium

基本描述

The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor.

相关缺陷

  • cwe_Nature: ChildOf cwe_CWE_ID: 732 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 732 cwe_View_ID: 1003 cwe_Ordinal: Primary

适用平台

Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}

常见的影响

范围 影响 注释
['Confidentiality', 'Integrity'] ['Read Application Data', 'Modify Application Data']

检测方法

Automated Static Analysis - Binary or Bytecode

According to SOAR, the following detection techniques may be useful:

Cost effective for partial coverage:
  • Inter-application Flow Analysis

Manual Static Analysis - Binary or Bytecode

According to SOAR, the following detection techniques may be useful:

Cost effective for partial coverage:
  • Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies

Dynamic Analysis with Automated Results Interpretation

According to SOAR, the following detection techniques may be useful:

Cost effective for partial coverage:
  • Host-based Vulnerability Scanners – Examine configuration for flaws, verifying that audit mechanisms work, ensure host configuration meets certain predefined criteria
  • Web Application Scanner
  • Web Services Scanner
  • Database Scanners

Dynamic Analysis with Manual Results Interpretation

According to SOAR, the following detection techniques may be useful:

Highly cost effective:
  • Host Application Interface Scanner
Cost effective for partial coverage:
  • Fuzz Tester
  • Framework-based Fuzzer
  • Automated Monitored Execution
  • Forced Path Execution

Manual Static Analysis - Source Code

According to SOAR, the following detection techniques may be useful:

Highly cost effective:
  • Manual Source Code Review (not inspections)
Cost effective for partial coverage:
  • Focused Manual Spotcheck - Focused manual analysis of source

Automated Static Analysis - Source Code

According to SOAR, the following detection techniques may be useful:

Cost effective for partial coverage:
  • Context-configured Source Code Weakness Analyzer

Automated Static Analysis

According to SOAR, the following detection techniques may be useful:

Cost effective for partial coverage:
  • Configuration Checker

Architecture or Design Review

According to SOAR, the following detection techniques may be useful:

Highly cost effective:
  • Formal Methods / Correct-By-Construction
Cost effective for partial coverage:
  • Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)

可能的缓解方案

MIT-1 ['Architecture and Design', 'Operation']

策略:

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

MIT-46 Architecture and Design

策略: Separation of Privilege

Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
Ensure that appropriate compartmentalization is built into the system design and that the compartmentalization serves to allow for and further reinforce privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide when it is appropriate to use and to drop system privileges.

分析过的案例

标识 说明 链接
CVE-2005-1941 Executables installed world-writable. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1941
CVE-2002-1713 Home directories installed world-readable. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1713
CVE-2001-1550 World-writable log files allow information loss; world-readable file has cleartext passwords. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1550
CVE-2002-1711 World-readable directory. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1711
CVE-2002-1844 Windows product uses insecure permissions when installing on Solaris (genesis: port error). https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1844
CVE-2001-0497 Insecure permissions for a shared secret key file. Overlaps cryptographic problem. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0497
CVE-1999-0426 Default permissions of a device allow IP spoofing. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0426

分类映射

映射的分类名 ImNode ID Fit Mapped Node Name
PLOVER Insecure Default Permissions
CERT C Secure Coding FIO06-C Create files with appropriate access permissions
The CERT Oracle Secure Coding Standard for Java (2011) FIO01-J Create files with appropriate access permission

相关攻击模式

  • CAPEC-1
  • CAPEC-127
  • CAPEC-81

引用

文章来源于互联网:scap中文网

特别标注: 本站(CN-SEC.COM)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
  • 我的微信
  • 微信扫一扫
  • weinxin
  • 我的微信公众号
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2022年1月5日21:05:16
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                  CWE-276 缺省权限不正确 http://cn-sec.com/archives/612800.html

发表评论

匿名网友 填写信息

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: