CWE-224: Obscured Security-relevant Information by Alternate Name
Structure: Simple
Abstraction: Base
Status: Incomplete
Likelihood of Exploit: unknown
Description
The software records security-relevant information according to an alternate name of the affected entity, instead of the canonical name.
Related Weaknesses
- ChildOf CWE-221 (View 1000, Ordinal: Primary)
- ChildOf CWE-221 (View 699, Ordinal: Primary)
Applicable Platforms
Language: Language-Independent (Prevalence: Undetermined)
Common Consequences
Scope | Impact | Note |
---|---|---|
Non-Repudiation, Access Control | Hide Activities, Gain Privileges or Assume Identity | |
Demonstrative Examples
Example
This code prints the contents of a file if a user has permission.
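Bad code (PHP):

```php
// Function header reconstructed: the name printFile and the $user parameter are assumptions.
function printFile($filename, $user){
    $realFile = $filename;
    //resolve file if its a symbolic link
    if(is_link($filename)){
        $realFile = readlink($filename);
    }
    if(fileowner($realFile) == $user){
        // owner matches: print the file contents
        echo file_get_contents($realFile);
        return;
    }
    else{
        // logs the user-supplied name, not the resolved one
        writeLog($user . ' attempted to access the file '. $filename . ' on '. date('r'));
    }
}
```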
While the code logs a bad access attempt, it logs the user-supplied name for the file, not the canonicalized file name. An attacker can obscure their target by giving the script the name of a link to the file they are attempting to access. Also note that this code contains a race condition between the is_link() and readlink() functions (CWE-363).
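A hardened counterpart is sketched below as an added example; it is not part of the CWE entry. It resolves the path once with realpath(), checks ownership on the opened handle, and logs the canonical name together with the supplied alias. The function name printFileAudited, the numeric $uid parameter and the body of writeLog() are assumptions.

```php
<?php
// Added example. writeLog() is the helper name used on the page; its body
// here is an assumed stand-in that writes to PHP's error log.
function writeLog(string $message): void
{
    error_log($message);
}

// Hypothetical hardened counterpart of the page's function. $uid is the
// numeric user id of the requester, which is what fileowner()/fstat() report.
function printFileAudited(string $filename, int $uid): bool
{
    // Escape control characters so a crafted name cannot forge log lines.
    $esc = fn(string $s): string => addcslashes($s, "\0..\37\177");

    // Resolve symlinks, "." and ".." in one call; false if the path is missing.
    $canonical = realpath($filename);
    if ($canonical === false) {
        writeLog("uid $uid requested unresolvable path '" . $esc($filename) . "' on " . date('r'));
        return false;
    }

    // Open the canonical path, then check the owner of the open handle so the
    // ownership check and the read refer to the same file.
    $handle = @fopen($canonical, 'rb');
    $stat = $handle ? fstat($handle) : false;
    if ($stat !== false && $stat['uid'] === $uid) {
        fpassthru($handle);
        fclose($handle);
        return true;
    }
    if ($handle) {
        fclose($handle);
    }
    // Record the canonical name first, plus the alias that was supplied.
    writeLog("uid $uid denied access to '" . $esc($canonical)
        . "' (requested as '" . $esc($filename) . "') on " . date('r'));
    return false;
}

// Constructed demo: an innocuously named symlink pointing at the real target.
$target = tempnam(sys_get_temp_dir(), 'target_');
$link = $target . '.lnk';
symlink($target, $link);
printFileAudited($link, fileowner($target) + 1); // non-owner: log names the resolved target
unlink($link);
unlink($target);
```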
Observed Examples
Reference | Description | Link |
---|---|---|
Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
---|---|---|---|
PLOVER | | | Obscured Security-relevant Information by Alternate Name |
References
Source: scap中文网