CWE-368 上下文切换时的竞争条件

admin 2022年1月2日04:09:31CWE(弱点枚举)评论20 views2165字阅读7分13秒阅读模式

CWE-368 上下文切换时的竞争条件

Context Switching Race Condition

结构: Simple

Abstraction: Base

状态: Draft

被利用可能性: unkown

基本描述

A product performs a series of non-atomic actions to switch between contexts that cross privilege or other security boundaries, but a race condition allows an attacker to modify or misrepresent the product's behavior during the switch.

扩展描述

This is commonly seen in web browser vulnerabilities in which the attacker can perform certain actions while the browser is transitioning from a trusted to an untrusted domain, or vice versa, and the browser performs the actions on one domain using the trust level and resources of the other domain.

相关缺陷

  • cwe_Nature: ChildOf cwe_CWE_ID: 362 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 362 cwe_View_ID: 699 cwe_Ordinal: Primary

  • cwe_Nature: CanAlsoBe cwe_CWE_ID: 364 cwe_View_ID: 1000

适用平台

Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}

常见的影响

范围 影响 注释
['Integrity', 'Confidentiality'] ['Modify Application Data', 'Read Application Data']

分析过的案例

标识 说明 链接
CVE-2009-1837 Chain: race condition (CWE-362) from improper handling of a page transition in web client while an applet is loading (CWE-368) leads to use after free (CWE-416) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1837
CVE-2004-2260 Browser updates address bar as soon as user clicks on a link instead of when the page has loaded, allowing spoofing by redirecting to another page using onUnload method. this is one example of the role of "hooks" and context switches, and should be captured somehow - also a race condition of sorts https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2260
CVE-2004-0191 XSS when web browser executes Javascript events in the context of a new page while it's being loaded, allowing interaction with previous page in different domain. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0191
CVE-2004-2491 Web browser fills in address bar of clicked-on link before page has been loaded, and doesn't update afterward. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2491

Notes

Relationship
Can overlap signal handler race conditions.
Research Gap
Under-studied as a concept. Frequency unknown; few vulnerability reports give enough detail to know when a context switching race condition is a factor.

分类映射

映射的分类名 ImNode ID Fit Mapped Node Name
PLOVER Context Switching Race Condition

相关攻击模式

  • CAPEC-26
  • CAPEC-29

引用

文章来源于互联网:scap中文网

特别标注: 本站(CN-SEC.COM)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
  • 我的微信
  • 微信扫一扫
  • weinxin
  • 我的微信公众号
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2022年1月2日04:09:31
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                  CWE-368 上下文切换时的竞争条件 http://cn-sec.com/archives/612897.html

发表评论

匿名网友 填写信息

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: