CWE-69: Improper Handling of Windows ::DATA Alternate Data Stream

Structure: Simple

Abstraction: Variant

Status: Incomplete

Likelihood of Exploit: Unknown

Description

The software does not properly prevent access to, or detect usage of, alternate data streams (ADS).

Extended Description

An attacker can use an ADS to hide information about a file (e.g. size, the name of the process) from a system or from file browser tools such as Windows Explorer and the 'dir' command-line utility. Alternatively, the attacker might be able to bypass intended access restrictions for the associated data fork.

Related Weaknesses

  • ChildOf CWE-66 (View 1000, Ordinal: Primary)

  • ChildOf CWE-66 (View 699, Ordinal: Primary)

Applicable Platforms

Language: Language-Independent (Prevalence: Undetermined)

Operating System: Windows (Prevalence: Undetermined)

Common Consequences

Scope | Impact | Note
Access Control, Non-Repudiation, Other | Bypass Protection Mechanism, Hide Activities, Other |

Potential Mitigations

Testing

Strategy:

Software tools are capable of finding ADSs on your system.

Implementation

Strategy:

Ensure that the source code correctly parses the filename to read or write to the correct stream.
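The following is an added example, not part of the CWE entry, showing the parsing this mitigation calls for in the setting of the IIS case (CVE-1999-0278) listed on this page: a handler choice made from the raw request string versus one made from the file NTFS would actually open. The function names, `SCRIPT_EXTENSIONS`, and the sample paths in the test are assumptions constructed for illustration.

```python
import ntpath

# Assumption: extensions this hypothetical server executes instead of serving as text.
SCRIPT_EXTENSIONS = {".asp"}


def naive_handler(url_path):
    """Flawed: takes the extension from the raw request string.

    For 'default.asp::$DATA' the extension seen is '.asp::$data', so the
    file is treated as static content although NTFS opens default.asp.
    """
    ext = ntpath.splitext(url_path)[1].lower()
    return "execute" if ext in SCRIPT_EXTENSIONS else "serve-static"


def parse_leaf(leaf):
    """Split an NTFS leaf name 'file[:stream[:$TYPE]]' into its parts.

    Returns (base, stream_name, stream_type); the last two are None when no
    stream syntax is present. An empty stream name with type $DATA is the
    file's default data stream, i.e. the same bytes as the plain file name.
    """
    base, sep, stream_spec = leaf.partition(":")
    if not sep:
        return base, None, None
    stream_name, _, stream_type = stream_spec.partition(":")
    return base, stream_name, (stream_type or "$DATA").upper()


def hardened_handler(url_path):
    """Decide on the parsed base name and refuse any stream syntax.

    Returns (decision, base, stream_name, stream_type) so that a rejected
    request can be logged with the file and stream it addressed.
    """
    leaf = url_path.replace("\\", "/").rsplit("/", 1)[-1]
    base, stream_name, stream_type = parse_leaf(leaf)
    # A colon anywhere (leaf stream, directory component, drive spec) has no
    # legitimate use in a request path relative to the web root.
    if ":" in url_path:
        return "reject", base, stream_name, stream_type
    ext = ntpath.splitext(base)[1].lower()
    decision = "execute" if ext in SCRIPT_EXTENSIONS else "serve-static"
    return decision, base, None, None
```
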

Observed Examples

Reference | Description | Link
CVE-1999-0278 | In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0278
CVE-2000-0927 | Product does not properly record file sizes if they are stored in alternative data streams, which allows users to bypass quota restrictions. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0927

Notes

Taxonomy Mappings

Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
PLOVER | | | Windows ::DATA alternate data stream

Related Attack Patterns

  • CAPEC-168
