CWE-511 逻辑/时间炸弹
Logic/Time Bomb
结构: Simple
Abstraction: Base
状态: Incomplete
被利用可能性: unkown
基本描述
The software contains code that is designed to disrupt the legitimate operation of the software (or its environment) when a certain time passes, or when a certain logical condition is met.
扩展描述
When the time bomb or logic bomb is detonated, it may perform a denial of service such as crashing the system, deleting critical data, or degrading system response time. This bomb might be placed within either a replicating or non-replicating Trojan horse.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 506 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 506 cwe_View_ID: 699 cwe_Ordinal: Primary
适用平台
Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}
Paradigm: {'cwe_Name': 'Mobile', 'cwe_Prevalence': 'Undetermined'}
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| ['Other', 'Integrity'] | ['Varies by Context', 'Alter Execution Logic'] |
可能的缓解方案
Installation
策略:
Always verify the integrity of the software that is being installed.
Testing
策略:
Conduct a code coverage analysis using live testing, then closely inspect any code that is not covered.
示例代码
例
Typical examples of triggers include system date or time mechanisms, random number generators, and counters that wait for an opportunity to launch their payload. When triggered, a time-bomb may deny service by crashing the system, deleting files, or degrading system response-time.
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| Landwehr | Logic/Time Bomb |
引用
文章来源于互联网:scap中文网
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论