CWE-276 缺省权限不正确

Incorrect Default Permissions

结构: Simple

Abstraction: Base

状态: Draft

被利用可能性: Medium

基本描述

The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor.

相关缺陷

  • cwe_Nature: ChildOf cwe_CWE_ID: 732 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 732 cwe_View_ID: 1003 cwe_Ordinal: Primary

适用平台

Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}

常见的影响

范围 影响 注释
['Confidentiality', 'Integrity'] ['Read Application Data', 'Modify Application Data']

检测方法

Automated Static Analysis - Binary or Bytecode

According to SOAR, the following detection techniques may be useful:

Cost effective for partial coverage:
  • Inter-application Flow Analysis

Manual Static Analysis - Binary or Bytecode

According to SOAR, the following detection techniques may be useful:

Cost effective for partial coverage:
  • Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies

Dynamic Analysis with Automated Results Interpretation

According to SOAR, the following detection techniques may be useful:

Cost effective for partial coverage:
  • Host-based Vulnerability Scanners – Examine configuration for flaws, verifying that audit mechanisms work, ensure host configuration meets certain predefined criteria
  • Web Application Scanner
  • Web Services Scanner
  • Database Scanners

Dynamic Analysis with Manual Results Interpretation

According to SOAR, the following detection techniques may be useful:

Highly cost effective:
  • Host Application Interface Scanner
Cost effective for partial coverage:
  • Fuzz Tester
  • Framework-based Fuzzer
  • Automated Monitored Execution
  • Forced Path Execution

Manual Static Analysis - Source Code

According to SOAR, the following detection techniques may be useful:

Highly cost effective:
  • Manual Source Code Review (not inspections)
Cost effective for partial coverage:
  • Focused Manual Spotcheck - Focused manual analysis of source

Automated Static Analysis - Source Code

According to SOAR, the following detection techniques may be useful:

Cost effective for partial coverage:
  • Context-configured Source Code Weakness Analyzer

Automated Static Analysis

According to SOAR, the following detection techniques may be useful:

Cost effective for partial coverage:
  • Configuration Checker

Architecture or Design Review

According to SOAR, the following detection techniques may be useful:

Highly cost effective:
  • Formal Methods / Correct-By-Construction
Cost effective for partial coverage:
  • Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)

可能的缓解方案

MIT-1 ['Architecture and Design', 'Operation']

策略:

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

MIT-46 Architecture and Design

策略: Separation of Privilege

Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design and that the compartmentalization serves to allow for and further reinforce privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide when it is appropriate to use and to drop system privileges.

分析过的案例

标识 说明 链接
CVE-2005-1941 Executables installed world-writable. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1941
CVE-2002-1713 Home directories installed world-readable. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1713
CVE-2001-1550 World-writable log files allow information loss; world-readable file has cleartext passwords. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1550
CVE-2002-1711 World-readable directory. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1711
CVE-2002-1844 Windows product uses insecure permissions when installing on Solaris (genesis: port error). https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1844
CVE-2001-0497 Insecure permissions for a shared secret key file. Overlaps cryptographic problem. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0497
CVE-1999-0426 Default permissions of a device allow IP spoofing. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0426

分类映射

映射的分类名 ImNode ID Fit Mapped Node Name
PLOVER Insecure Default Permissions
CERT C Secure Coding FIO06-C Create files with appropriate access permissions
The CERT Oracle Secure Coding Standard for Java (2011) FIO01-J Create files with appropriate access permission

相关攻击模式

  • CAPEC-1
  • CAPEC-127
  • CAPEC-81

引用