
CWE-732 Incorrect Permission Assignment for Critical Resource


Presentation on theme: "CWE-732 Incorrect Permission Assignment for Critical Resource"— Presentation transcript:

1 CWE-732 Incorrect Permission Assignment for Critical Resource
Denisa Ivan MSI2

2 CWE-732 was included in the SANS Institute Top 25 security bugs list.
CWE-732 is the Common Weakness Enumeration identifier for the class of security bugs in which a program does not check whether a critical file might have been written to by an untrusted actor.

3 Description The software specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

4 Consequences
Scope: Confidentiality
Effect: Read application data; read files or directories (credentials, configuration info)
Scope: Access Control
Effect: Gain privileges / assume identity (replacing a world-writable executable with a Trojan horse)
Scope: Integrity / Other
Effect: Modify application data (destroy or corrupt critical data in the associated resource, such as deletion of records from a database)

5 Relationships with other vulnerabilities

6 Detection Methods

7 Automated Static Analysis (Configuration Checker)
Source Code / Bytecode
Manual (human) Analysis
Static / Dynamic

8 Black Box Monitoring tools examine the software's process as it interacts with the OS and the network. They are useful when source code is unavailable, when the software was developed by someone else, or to verify that the build phase did not introduce any new weaknesses. This approach analyzes permission issues related to system resources, not application-level business rules that relate to permissions.

9 Black Box Examples:
debuggers attached to the running process;
system-call tracing utilities: truss (Solaris) and strace (Linux);
system activity monitors: FileMon, RegMon, Process Monitor, other Sysinternals utilities (Windows);
sniffers and protocol analyzers that monitor network traffic.

10 Attach the monitor to the process and watch for library functions or system calls on OS resources such as files, directories, and shared memory. Examine the arguments to these calls to infer which permissions are being used.

11 Example
// Language: PHP
function createUserDir($username) {
    $path = '/home/' . $username;
    // forgot the optional 'mode' argument -> the directory is created with the
    // default permissions 0777 (as reduced by the process umask)
    if (!mkdir($path)) {
        return false;
    }
    return true;
}

12 Observed Examples

13 CVE: Anti-virus product sets insecure "Everyone: Full Control" permissions for files under the "Program Files" folder, allowing attackers to replace executables with Trojan horses.
CVE: Driver installs a file with world-writable permissions.
CVE: Security product uses "Everyone: Full Control" permissions for its configuration files.
CVE: LDAP server stores a cleartext password in a world-readable file.
CVE: Product uses "Everyone: Full Control" permissions for memory-mapped files (shared memory) in inter-process communication, allowing attackers to tamper with a session.
The complete list is available at

14 CVE: TrustPort Antivirus before and PC Security before use weak permissions (Everyone: Full Control) for files under %PROGRAMFILES%. This allows local attackers (unprivileged users) to gain privileges by replacing files (including executable files of TrustPort services) with malicious files and executing arbitrary code with SYSTEM privileges.

15 Potential Mitigations
Phase: Implementation: check whether the resource has insecure permissions and report them.
Phase: Architecture and Design: divide the software into several administrative areas (like a Security Lattice) and set the permissions accordingly.
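A defensive counterpart to the PHP example in slide 11 and the implementation-phase mitigation above, added here as an example (it is not part of the original slides): a small Python audit that walks a directory tree and reports world-writable files and directories, next to a hardened create_user_dir() that sets an explicit mode. The helper names, the sample tree and its contents are constructed for this example.

```python
import os
import stat
import tempfile

def _check(path, findings):
    """Record `path` if its mode lets any user ('other') write to it."""
    mode = os.lstat(path).st_mode
    if stat.S_ISLNK(mode):
        return  # a symlink's own permission bits are not enforced
    if not mode & stat.S_IWOTH:
        return
    if stat.S_ISDIR(mode):
        if mode & stat.S_ISVTX:
            return  # sticky world-writable dirs such as /tmp are expected
        reason = "world-writable directory without sticky bit"
    else:
        reason = "world-writable file"
    findings.append((path, oct(stat.S_IMODE(mode)), reason))

def insecure_entries(root):
    """Walk `root` and return (path, mode, reason) for every insecure entry."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        _check(dirpath, findings)
        for name in files:
            _check(os.path.join(dirpath, name), findings)
    return findings

def create_user_dir(base, username, mode=0o700):
    """Hardened counterpart of the slide's createUserDir(): an explicit mode
    plus chmod, because mkdir's mode argument is masked by the umask."""
    path = os.path.join(base, username)
    os.mkdir(path, mode)
    os.chmod(path, mode)
    return path

def demo():
    """Constructed sample tree: 'alice' is created the way the PHP slide does
    it (mode forced to 0777 so the umask does not hide the bug), 'bob' with
    the hardened helper. Returns (base, findings)."""
    base = tempfile.mkdtemp()
    bad = os.path.join(base, "alice")
    os.mkdir(bad)
    os.chmod(bad, 0o777)
    cfg = os.path.join(bad, "config.ini")
    with open(cfg, "w") as fh:
        fh.write("password=constructed-sample\n")  # constructed credential
    os.chmod(cfg, 0o666)
    create_user_dir(base, "bob")
    return base, insecure_entries(base)
```

Running demo() reports the 0777 user directory and the 0666 config file inside it, while the directory created with an explicit 0700 mode is silent.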

16 Potential Mitigations(II)
Run the code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system.
Utils (OS): Unix chroot jail, AppArmor, SELinux; (Java SecurityManager)

17 Potential Mitigations(III)
Phase: Operation; System Configuration
Ensure that the software runs properly under the Federal Desktop Core Configuration (FDCC) [R.732.4] or an equivalent hardening configuration guide, which many organizations use to limit the attack surface and potential risk of deployed software.

18 Case study Bell–LaPadula model
The Simple Security Property (no read-up).
The ★-property (read "star"-property) (no write-down).
The Discretionary Security Property: use of an access matrix to specify the discretionary access control.

19 BLP - lattice

20 The End
