CWE-403 将文件描述符暴露给不受控制的范围(文件描述符泄露)
Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')
结构: Simple
Abstraction: Base
状态: Draft
被利用可能性: unkown
基本描述
A process does not close sensitive file descriptors before invoking a child process, which allows the child to perform unauthorized I/O operations using those descriptors.
扩展描述
When a new process is forked or executed, the child process inherits any open file descriptors. When the child process has fewer privileges than the parent process, this might introduce a vulnerability if the child process can access the file descriptor but does not have the privileges to access the associated file.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 402 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 402 cwe_View_ID: 699 cwe_Ordinal: Primary
适用平台
Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}
Operating_System: {'cwe_Class': 'Unix', 'cwe_Prevalence': 'Undetermined'}
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| ['Confidentiality', 'Integrity'] | ['Read Application Data', 'Modify Application Data'] |
分析过的案例
| 标识 | 说明 | 链接 |
|---|---|---|
| CVE-2003-0740 | Server leaks a privileged file descriptor, allowing the server to be hijacked. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0740 |
| CVE-2004-1033 | File descriptor leak allows read of restricted files. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1033 |
| CVE-2000-0094 | Access to restricted resource using modified file descriptor for stderr. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0094 |
| CVE-2002-0638 | Open file descriptor used as alternate channel in complex race condition. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0638 |
| CVE-2003-0489 | Program does not fully drop privileges after creating a file descriptor, which allows access to the descriptor via a separate vulnerability. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0489 |
| CVE-2003-0937 | User bypasses restrictions by obtaining a file descriptor then calling setuid program, which does not close the descriptor. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0937 |
| CVE-2004-2215 | Terminal manager does not properly close file descriptors, allowing attackers to access terminals of other users. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2215 |
| CVE-2006-5397 | Module opens a file for reading twice, allowing attackers to read files. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5397 |
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| PLOVER | UNIX file descriptor leak | ||
| CERT C Secure Coding | FIO42-C | Ensure files are properly closed when they are no longer needed | |
| Software Fault Patterns | SFP23 | Exposed Data |