CWE-224 Obscured Security-relevant Information by Alternate Name

admin, 2022-01-05 21:02:14, category: CWE (Common Weakness Enumeration)


Obscured Security-relevant Information by Alternate Name

Structure: Simple

Abstraction: Base

Status: Incomplete

Likelihood of Exploit: Unknown

Description

The software records security-relevant information according to an alternate name of the affected entity, instead of the canonical name.

Related Weaknesses

  • ChildOf CWE-221 (Information Loss or Omission), View 1000 (Research Concepts), Ordinal: Primary

  • ChildOf CWE-221 (Information Loss or Omission), View 699 (Software Development), Ordinal: Primary

Applicable Platforms

Language: Language-Independent (Prevalence: Undetermined)

Common Consequences

Scope                            | Impact                                           | Notes
Non-Repudiation, Access Control  | Hide Activities; Gain Privileges or Assume Identity | (none)

Demonstrative Examples

This code prints the contents of a file if a user has permission.

Bad code (PHP):

// Named readFileIfOwner() rather than readFile(): PHP function names are
// case-insensitive, so a user-defined readFile() would collide with the
// built-in readfile(). getCurrentUser() and writeLog() are application
// helpers assumed to exist, as in the original CWE example.
function readFileIfOwner($filename) {
    $user = getCurrentUser();
    $realFile = $filename;

    // resolve the file if it is a symbolic link
    if (is_link($filename)) {
        $realFile = readlink($filename);
    }

    if (fileowner($realFile) == $user) {
        echo file_get_contents($realFile);
        return;
    } else {
        echo 'Access denied';
        // Weakness: the log records the name the caller supplied ($filename),
        // not the resolved target ($realFile), so a symlink hides the real file.
        writeLog($user . ' attempted to access the file ' . $filename . ' on ' . date('r'));
    }
}

While the code logs a bad access attempt, it logs the user supplied name for the file, not the canonicalized file name. An attacker can obscure their target by giving the script the name of a link to the file they are attempting to access. Also note this code contains a race condition between the is_link() and readlink() functions (CWE-363).
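The point above, as an added example that is not part of the CWE entry or the page; it is written in Python rather than the page's PHP because the weakness is language-independent. It builds a constructed directory tree (a sensitive file `secret.txt`, a symlink to it and a hard link to it; all names are invented for the demonstration), then produces the log line the PHP code would write next to one that canonicalizes the name first. The `demo()` and `canonical_identity()` helpers are this example's own, not an API from the page.

```python
import os
import tempfile


def weak_log_line(user, requested):
    """The pattern from the PHP example: record the name the caller supplied."""
    return f"{user} attempted to access the file {requested}"


def canonical_identity(requested):
    """Canonical name plus a filesystem identity that survives hard links.

    os.path.realpath() resolves symlinks and '..' components. It does not
    resolve hard links (two hard links are two equally valid canonical paths),
    so the (st_dev, st_ino) pair is recorded as well: it names the inode that
    all links to the file share.
    """
    canonical = os.path.realpath(requested)
    st = os.stat(canonical)
    return canonical, st.st_dev, st.st_ino


def fixed_log_line(user, requested):
    """Log the canonical target and keep the requested spelling as evidence."""
    canonical, dev, ino = canonical_identity(requested)
    return (f"{user} attempted to access the file {canonical} "
            f"[dev={dev} ino={ino}] (requested as {requested})")


def build_demo_tree():
    """Constructed fixture: a sensitive file and two alternate names for it.

    Returns (base_dir, sensitive_path, [(kind, alias_path), ...]).
    The hard link is skipped if the filesystem refuses to create one.
    """
    d = tempfile.mkdtemp(prefix="cwe224-")
    sensitive = os.path.join(d, "secret.txt")
    with open(sensitive, "w") as f:
        f.write("constructed sensitive content\n")
    os.mkdir(os.path.join(d, "public"))
    aliases = []
    symlink = os.path.join(d, "public", "readme.txt")
    os.symlink(sensitive, symlink)
    aliases.append(("symlink", symlink))
    hardlink = os.path.join(d, "public", "notes.txt")
    try:
        os.link(sensitive, hardlink)
        aliases.append(("hardlink", hardlink))
    except OSError:
        pass  # hard links unsupported here; the symlink case still runs
    return d, sensitive, aliases


def demo(user="alice"):
    """For each alternate name, return the weak and the fixed log line and
    whether each one actually identifies the sensitive file."""
    d, sensitive, aliases = build_demo_tree()
    try:
        _, _, target_ino = canonical_identity(sensitive)
        results = []
        for kind, alias in aliases:
            weak = weak_log_line(user, alias)
            fixed = fixed_log_line(user, alias)
            results.append({
                "kind": kind,
                "weak": weak,
                "fixed": fixed,
                # The weak entry only names the target if the caller chose to.
                "weak_names_target": "secret.txt" in weak,
                # The fixed entry carries the inode, which every alias shares.
                "fixed_names_target": f"ino={target_ino}]" in fixed,
            })
        return results
    finally:
        for _, alias in aliases:
            os.unlink(alias)
        os.unlink(sensitive)
        os.rmdir(os.path.join(d, "public"))
        os.rmdir(d)


if __name__ == "__main__":
    for r in demo():
        print(r["kind"])
        print("  weak :", r["weak"])
        print("  fixed:", r["fixed"])
```

For the symlink, `realpath()` alone is enough: the fixed entry names `secret.txt`. For the hard link it is not, which is why the example also logs `st_dev`/`st_ino`; an investigator can then correlate the entry with the sensitive file regardless of which of its names was used. Note that canonicalizing the name for the log does not remove the CWE-363 race in the PHP code; the path can still change between the check and the use.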

Observed Examples

Identifier | Description | Link
(none listed)

Taxonomy Mappings

Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
PLOVER               |         |     | Obscured Security-relevant Information by Alternate Name

References

Source: reposted from scap中文网.

Original link (CN-SEC中文网): http://cn-sec.com/archives/612825.html
