CWE-67 Windows设备名处理不恰当
Improper Handling of Windows Device Names
结构: Simple
Abstraction: Variant
状态: Incomplete
被利用可能性: High
基本描述
The software constructs pathnames from user input, but it does not handle or incorrectly handles a pathname containing a Windows device name such as AUX or CON. This typically leads to denial of service or an information exposure when the application attempts to process the pathname as a regular file.
扩展描述
Not properly handling virtual filenames (e.g. AUX, CON, PRN, COM1, LPT1) can result in different types of vulnerabilities. In some cases an attacker can request a device via injection of a virtual filename in a URL, which may cause an error that leads to a denial of service or an error page that reveals sensitive information. A software system that allows device names to bypass filtering runs the risk of an attacker injecting malicious code in a file with the name of a device.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 66 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 66 cwe_View_ID: 699 cwe_Ordinal: Primary
适用平台
Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}
Operating_System: {'cwe_Class': 'Windows', 'cwe_Prevalence': 'Undetermined'}
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| ['Availability', 'Confidentiality', 'Other'] | ['DoS: Crash, Exit, or Restart', 'Read Application Data', 'Other'] |
可能的缓解方案
Implementation
策略:
Be familiar with the device names in the operating system where your system is deployed. Check input for these device names.
分析过的案例
| 标识 | 说明 | 链接 |
|---|---|---|
| CVE-2002-0106 | Server allows remote attackers to cause a denial of service via a series of requests to .JSP files that contain an MS-DOS device name. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0106 |
| CVE-2002-0200 | Server allows remote attackers to cause a denial of service via an HTTP request for an MS-DOS device name. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0200 |
| CVE-2002-1052 | Product allows remote attackers to use MS-DOS device names in HTTP requests to cause a denial of service or obtain the physical path of the server. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1052 |
| CVE-2001-0493 | Server allows remote attackers to cause a denial of service via a URL that contains an MS-DOS device name. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0493 |
| CVE-2001-0558 | Server allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0558 |
| CVE-2000-0168 | Microsoft Windows 9x operating systems allow an attacker to cause a denial of service via a pathname that includes file device names, aka the "DOS Device in Path Name" vulnerability. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0168 |
| CVE-2001-0492 | Server allows remote attackers to determine the physical path of the server via a URL containing MS-DOS device names. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0492 |
| CVE-2004-0552 | Product does not properly handle files whose names contain reserved MS-DOS device names, which can allow malicious code to bypass detection when it is installed, copied, or executed. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0552 |
| CVE-2005-2195 | Server allows remote attackers to cause a denial of service (application crash) via a URL with a filename containing a .cgi extension and an MS-DOS device name. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2195 |
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| PLOVER | Windows MS-DOS device names | ||
| CERT C Secure Coding | FIO32-C | CWE More Specific | Do not perform operations on devices that are only appropriate for files |
| The CERT Oracle Secure Coding Standard for Java (2011) | FIO00-J | Do not operate on files in shared directories | |
| Software Fault Patterns | SFP16 | Path Traversal |