Privilege Dropping / Lowering Errors |
Weakness ID: 271 (Weakness Class) | Status: Incomplete |
Description Summary
Extended Description
In some contexts, a system executing with elevated permissions will hand off a process/file/etc. to another process or user. If the privileges of an entity are not reduced, then elevated privileges are spread throughout a system and possibly to an attacker.
Reference | Description |
---|---|
CVE-2000-1213 | Program does not drop privileges after acquiring the raw socket. |
CVE-2001-0559 | Setuid program does not drop privileges after a parsing error occurs, then calls another program to handle the error. |
CVE-2001-0787 | Does not drop privileges in related groups when lowering privileges. |
CVE-2002-0080 | Does not drop privileges in related groups when lowering privileges. |
CVE-2001-1029 | Does not drop privileges before determining access to certain files. |
CVE-1999-0813 | Finger daemon does not drop privileges when executing programs on behalf of the user being fingered. |
CVE-1999-1326 | FTP server does not drop privileges if a connection is aborted during file transfer. |
CVE-2000-0172 | Program only uses seteuid to drop privileges. |
CVE-2004-2504 | Windows program running as SYSTEM does not drop privileges before executing other programs (many others like this, especially involving the Help facility). |
CVE-2004-0806 | Setuid program does not drop privileges before executing program specified in an environment variable. |
CVE-2004-0828 | Setuid program does not drop privileges before processing file specified on command line. |
CVE-2004-2070 | Service on Windows does not drop privileges before using "view file" option, allowing code execution. |
Phase: Architecture and Design Ensure that appropriate compartmentalization is built into the system design and that the compartmentalization serves to allow for and further reinforce privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide when it is appropriate to use and to drop system privileges. |
Very carefully manage the setting, management and handling of privileges. Explicitly manage trust zones in the software. |
Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource. |
Ordinality | Description |
---|---|
Primary | (where the weakness exists independent of other weaknesses) |
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Category | 265 | Privilege / Sandbox Issues | Development Concepts (primary)699 |
ChildOf | Weakness Base | 269 | Improper Privilege Management | Research Concepts (primary)1000 |
ParentOf | Weakness Base | 272 | Least Privilege Violation | Development Concepts (primary)699 Research Concepts (primary)1000 |
ParentOf | Weakness Base | 273 | Improper Check for Dropped Privileges | Development Concepts (primary)699 Research Concepts1000 |
PeerOf | Weakness Class | 250 | Execution with Unnecessary Privileges | Research Concepts1000 |
PeerOf | Weakness Base | 274 | Improper Handling of Insufficient Privileges | Research Concepts1000 |
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
---|---|---|---|
PLOVER | Privilege Dropping / Lowering Errors |
CWE-271, CWE-272, and CWE-250 are all closely related and possibly overlapping. CWE-271 is probably better suited as a category. |
Submissions | ||||
---|---|---|---|---|
Submission Date | Submitter | Organization | Source | |
PLOVER | Externally Mined | |||
Modifications | ||||
Modification Date | Modifier | Organization | Source | |
2008-07-01 | Eric Dalci | Cigital | External | |
updated Time of Introduction | ||||
2008-09-08 | CWE Content Team | MITRE | Internal | |
updated Description, Relationships, Taxonomy Mappings, Weakness Ordinalities | ||||
2008-10-14 | CWE Content Team | MITRE | Internal | |
updated Description, Maintenance Notes | ||||
2009-12-28 | CWE Content Team | MITRE | Internal | |
updated Potential Mitigations |