CWE-368 上下文切换时的竞争条件
Context Switching Race Condition
结构: Simple
Abstraction: Base
状态: Draft
被利用可能性: unkown
基本描述
A product performs a series of non-atomic actions to switch between contexts that cross privilege or other security boundaries, but a race condition allows an attacker to modify or misrepresent the product's behavior during the switch.
扩展描述
This is commonly seen in web browser vulnerabilities in which the attacker can perform certain actions while the browser is transitioning from a trusted to an untrusted domain, or vice versa, and the browser performs the actions on one domain using the trust level and resources of the other domain.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 362 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 362 cwe_View_ID: 699 cwe_Ordinal: Primary
-
cwe_Nature: CanAlsoBe cwe_CWE_ID: 364 cwe_View_ID: 1000
适用平台
Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| ['Integrity', 'Confidentiality'] | ['Modify Application Data', 'Read Application Data'] |
分析过的案例
| 标识 | 说明 | 链接 |
|---|---|---|
| CVE-2009-1837 | Chain: race condition (CWE-362) from improper handling of a page transition in web client while an applet is loading (CWE-368) leads to use after free (CWE-416) | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1837 |
| CVE-2004-2260 | Browser updates address bar as soon as user clicks on a link instead of when the page has loaded, allowing spoofing by redirecting to another page using onUnload method. this is one example of the role of "hooks" and context switches, and should be captured somehow - also a race condition of sorts | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2260 |
| CVE-2004-0191 | XSS when web browser executes Javascript events in the context of a new page while it's being loaded, allowing interaction with previous page in different domain. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0191 |
| CVE-2004-2491 | Web browser fills in address bar of clicked-on link before page has been loaded, and doesn't update afterward. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2491 |
Notes
Relationship Can overlap signal handler race conditions. Research Gap Under-studied as a concept. Frequency unknown; few vulnerability reports give enough detail to know when a context switching race condition is a factor.
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| PLOVER | Context Switching Race Condition |
相关攻击模式
- CAPEC-26
- CAPEC-29