CWE-412 未加限制的外部可访问锁

admin
admin
admin
138876
文章
114
评论
2021年12月12日05:45:03评论99 views字数 4033阅读13分26秒阅读模式

CWE-412 未加限制的外部可访问锁

Unrestricted Externally Accessible Lock

结构: Simple

Abstraction: Base

状态: Incomplete

被利用可能性: unkown

基本描述

The software properly checks for the existence of a lock, but the lock can be externally controlled or influenced by an actor that is outside of the intended sphere of control.

扩展描述

This prevents the software from acting on associated resources or performing other behaviors that are controlled by the presence of the lock. Relevant locks might include an exclusive lock or mutex, or modifying a shared resource that is treated as a lock. If the lock can be held for an indefinite period of time, then the denial of service could be permanent.

相关缺陷

  • cwe_Nature: ChildOf cwe_CWE_ID: 667 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: CanAlsoBe cwe_CWE_ID: 410 cwe_View_ID: 1000

适用平台

Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}

常见的影响

范围 影响 注释
Availability DoS: Resource Consumption (Other) When an attacker can control a lock, the program may wait indefinitely until the attacker releases the lock, causing a denial of service to other users of the program. This is especially problematic if there is a blocking operation on the lock.

检测方法

White Box

Automated code analysis techniques might not be able to reliably detect this weakness, since the application's behavior and general security model dictate which resource locks are critical. Interpretation of the weakness might require knowledge of the environment, e.g. if the existence of a file is used as a lock, but the file is created in a world-writable directory.

可能的缓解方案

['Architecture and Design', 'Implementation']

策略:

Use any access control that is offered by the functionality that is offering the lock.

['Architecture and Design', 'Implementation']

策略:

Use unpredictable names or identifiers for the locks. This might not always be possible or feasible.

Architecture and Design

策略:

Consider modifying your code to use non-blocking synchronization methods.

示例代码

This code tries to obtain a lock for a file, then writes to it.

bad PHP

function writeToLog($message){

$logfile = fopen("logFile.log", "a");
//attempt to get logfile lock

if (flock($logfile, LOCK_EX)) {

fwrite($logfile,$message);
// unlock logfile

flock($logfile, LOCK_UN);

}
else {

print "Could not obtain lock on logFile.log, message not recordedn";

}

}
fclose($logFile);

PHP by default will wait indefinitely until a file lock is released. If an attacker is able to obtain the file lock, this code will pause execution, possibly leading to denial of service for other users. Note that in this case, if an attacker can perform an flock() on the file, they may already have privileges to destroy the log file. However, this still impacts the execution of other programs that depend on flock().

分析过的案例

标识 说明 链接
CVE-2001-0682 Program can not execute when attacker obtains a mutex. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0682
CVE-2002-1914 Program can not execute when attacker obtains a lock on a critical output file. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1914
CVE-2002-1915 Program can not execute when attacker obtains a lock on a critical output file. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1915
CVE-2002-0051 Critical file can be opened with exclusive read access by user, preventing application of security policy. Possibly related to improper permissions, large-window race condition. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0051
CVE-2000-0338 Chain: predictable file names used for locking, allowing attacker to create the lock beforehand. Resultant from permissions and randomness. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0338
CVE-2000-1198 Chain: Lock files with predictable names. Resultant from randomness. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1198
CVE-2002-1869 Product does not check if it can write to a log file, allowing attackers to avoid logging by accessing the file using an exclusive lock. Overlaps unchecked error condition. This is not quite CWE-412, but close. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1869

Notes

分类映射

映射的分类名 ImNode ID Fit Mapped Node Name
PLOVER Unrestricted Critical Resource Lock
7 Pernicious Kingdoms Deadlock
OWASP Top Ten 2004 A9 CWE More Specific Denial of Service
The CERT Oracle Secure Coding Standard for Java (2011) LCK00-J Use private final lock objects to synchronize classes that may interact with untrusted code
The CERT Oracle Secure Coding Standard for Java (2011) LCK07-J Avoid deadlock by requesting and releasing locks in the same order
Software Fault Patterns SFP22 Unrestricted lock

相关攻击模式

  • CAPEC-25

文章来源于互联网:scap中文网

免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2021年12月12日05:45:03
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   CWE-412 未加限制的外部可访问锁https://cn-sec.com/archives/613321.html
                  免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉.

发表评论

匿名网友 填写信息