Write-what-where Condition
Weakness ID: 123 (Weakness Base)
Status: Draft
+ Description

Description Summary

Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.
+ Time of Introduction
  • Implementation
+ Applicable Platforms

Languages

C

C++

+ Common Consequences
Scope: Access Control

Effect: Write-what-where conditions can be used to write data to areas of memory outside the scope of a policy. They can also almost invariably be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy.

If the attacker can overwrite a pointer's worth of memory (usually 32 or 64 bits), he can redirect a function pointer to his own malicious code. Even when the attacker can only modify a single byte, arbitrary code execution can be possible. Sometimes this is because the same problem can be exploited repeatedly to the same effect. Other times it is because the attacker can overwrite security-critical application-specific data, such as a flag indicating whether the user is an administrator.

Scope: Availability

Effect: Many memory accesses can lead to program termination, such as when writing to addresses that are invalid for the current process.

Scope: Other

Effect: When the consequence is arbitrary code execution, this can often be used to subvert any other security service.
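
The flag overwrite described under Access Control, as an added example that is not part of the CWE entry: a constructed C record in which an unchecked copy spills into the index and value used by a later store, shown beside a bounds-checked version. The struct layout, function names and input bytes are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { NAME_LEN = 16, NSLOTS = 4 };

/* Constructed layout: the input buffer is directly followed by the index
   ("where") and value ("what") that a later store uses. */
struct session {
    unsigned char name[NAME_LEN];
    uint32_t slot, value;
    uint32_t counters[NSLOTS];
    uint32_t is_admin;            /* security-critical flag after the table */
};

/* Vulnerable: len is never checked against NAME_LEN, so extra bytes spill
   into slot and value, and the store below trusts both. */
int update_unsafe(struct session *s, const unsigned char *in, size_t len) {
    if (len > sizeof *s) return -1;         /* demo guard: stay inside *s */
    memcpy((unsigned char *)s, in, len);    /* name is at offset 0 */
    if (s->slot > NSLOTS) return -1;        /* demo guard: stay inside *s */
    /* counters[slot] = value, written on raw bytes to stay well-defined C */
    size_t off = offsetof(struct session, counters) + s->slot * sizeof(uint32_t);
    memcpy((unsigned char *)s + off, &s->value, sizeof s->value);
    return 0;
}

/* Hardened: bound the copy (the root cause) and validate the index before
   the dependent write. */
int update_safe(struct session *s, const unsigned char *in, size_t len) {
    if (len > NAME_LEN) return -1;
    memcpy(s->name, in, len);
    if (s->slot >= NSLOTS) return -1;
    s->counters[s->slot] = s->value;
    return 0;
}

/* Feeds one constructed oversized input and returns is_admin afterwards. */
uint32_t flag_after(int use_safe) {
    struct session s = {0};
    unsigned char in[NAME_LEN + 8];
    uint32_t where = NSLOTS, what = 1;      /* one past the table; new flag value */
    memset(in, 'A', NAME_LEN);
    memcpy(in + NAME_LEN, &where, sizeof where);
    memcpy(in + NAME_LEN + 4, &what, sizeof what);
    if (use_safe) update_safe(&s, in, sizeof in);
    else update_unsafe(&s, in, sizeof in);
    return s.is_admin;
}
```

The two demo guards exist only to keep the illustration inside the struct; real code with this flaw has no such limit, which is why the write can land anywhere the process can address.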

+ Likelihood of Exploit

High

+ Potential Mitigations

Pre-design: Use a language that provides appropriate memory abstractions.

Phase: Architecture and Design

Integrate technologies that try to prevent the consequences of this problem.

Phase: Implementation

Take note of mitigations provided for other flaws in this taxonomy that lead to write-what-where conditions.

Operational: Use OS-level preventative functionality integrated after the fact. Not a complete solution.

+ Weakness Ordinalities
Ordinality | Description
Resultant | (where the weakness is typically related to the presence of some other weaknesses)
+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Weakness Class | 119 | Failure to Constrain Operations within the Bounds of a Memory Buffer | Development Concepts (primary) 699; Research Concepts (primary) 1000
PeerOf | Weakness Base | 134 | Uncontrolled Format String | Research Concepts 1000
CanFollow | Weakness Base | 120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | Research Concepts 1000
CanFollow | Weakness Base | 364 | Signal Handler Race Condition | Research Concepts 1000
CanFollow | Weakness Base | 416 | Use After Free | Research Concepts 1000
CanFollow | Weakness Variant | 590 | Free of Memory not on the Heap | Research Concepts 1000
PeerOf | Weakness Variant | 415 | Double Free | Research Concepts 1000
PeerOf | Weakness Variant | 479 | Unsafe Function Call from a Signal Handler | Research Concepts 1000
+ Causal Nature

Explicit

+ Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
CLASP | | | Write-what-where condition
+ Content History
Submissions
Submission Date | Submitter | Organization | Source
 | CLASP | | Externally Mined

Modifications
Modification Date | Modifier | Organization | Source
2008-07-01 | Eric Dalci | Cigital | External
  updated Time of Introduction
2008-09-08 | CWE Content Team | MITRE | Internal
  updated Applicable Platforms, Common Consequences, Relationships, Other Notes, Taxonomy Mappings, Weakness Ordinalities
2008-11-24 | CWE Content Team | MITRE | Internal
  updated Common Consequences, Other Notes
2009-01-12 | CWE Content Team | MITRE | Internal
  updated Common Consequences
2009-05-27 | CWE Content Team | MITRE | Internal
  updated Relationships