CWE-689 在资源拷贝时的权限竞争条件

Permission Race Condition During Resource Copy

结构: Composite

Abstraction: Compound

状态: Draft

被利用可能性: unkown


The product, while copying or cloning a resource, does not set the resource's permissions or access control until the copy is complete, leaving the resource exposed to other spheres while the copy is taking place.


  • cwe_Nature: Requires cwe_CWE_ID: 362 cwe_View_ID: 1000

  • cwe_Nature: Requires cwe_CWE_ID: 732 cwe_View_ID: 1000

  • cwe_Nature: ChildOf cwe_CWE_ID: 732 cwe_View_ID: 1000 cwe_Ordinal: Primary


Language: [{'cwe_Name': 'C', 'cwe_Prevalence': 'Undetermined'}, {'cwe_Name': 'Perl', 'cwe_Prevalence': 'Undetermined'}]


范围 影响 注释
['Confidentiality', 'Integrity'] ['Read Application Data', 'Modify Application Data']


标识 说明 链接
CVE-2002-0760 Archive extractor decompresses files with world-readable permissions, then later sets permissions to what the archive specified.
CVE-2005-2174 Product inserts a new object into database before setting the object's permissions, introducing a race condition.
CVE-2006-5214 Error file has weak permissions before a chmod is performed.
CVE-2005-2475 Archive permissions issue using hard link.
CVE-2003-0265 Database product creates files world-writable before initializing the setuid bits, leading to modification of executables.



  • CAPEC-26
  • CAPEC-27