Published by Tucker Lather. Modified over 9 years ago.
1
CWE-732 Incorrect Permission Assignment for Critical Resource
Denisa Ivan MSI2
2
CWE-732 is included in the CWE/SANS Top 25 Most Dangerous Software Errors list.
CWE-732 is the Common Weakness Enumeration identifier for the class of security bugs in which a program assigns permissions to a security-critical resource (a file, directory, registry key, shared-memory segment, and so on) so loosely that an untrusted actor is able to read or modify it.
3
Description
The software specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
4
Consequences (Scope / Effect)
Confidentiality: Read application data; read files or directories (credentials, configuration information).
Access Control: Gain privileges / assume identity (for example by replacing a world-writable executable with a Trojan horse).
Integrity, Other: Modify application data (destroy or corrupt critical data in the associated resource, such as deleting records from a database).
5
Relationships with other vulnerabilities
6
Detection Methods
7
Automated Static Analysis (Configuration Checker)
Source Code / Bytecode
Manual (human) Analysis
Static / Dynamic
8
Black Box: Monitoring tools examine the software's process as it interacts with the OS and the network. This is useful when source code is unavailable, when the software was developed by someone else, or to verify that the build phase did not introduce any new weaknesses. The method finds permission issues on system resources (files, directories, shared memory); it cannot see application-level business rules that are related to permissions.
9
Black Box Examples:
debuggers attached to the running process;
system-call tracing utilities: truss (Solaris) and strace (Linux);
system activity monitors: FileMon, RegMon, Process Monitor and other Sysinternals utilities (Windows);
sniffers and protocol analyzers that monitor network traffic.
10
Attach the monitor to the process and watch for library functions or system calls on OS resources such as files, directories, and shared memory. Examine the arguments to these calls (for example the mode passed to open(), mkdir() or chmod()) to infer which permissions are being requested. Note that for creation calls the kernel still applies the process umask, so the mode in the trace is an upper bound, while chmod() sets exactly what is shown.
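The following is an added example (not code from the slides) of the black-box check just described, applied to trace lines in the format strace prints: a small parser that pulls the syscall name, the first quoted path and the last octal mode argument, and flags calls that make a resource world-writable. The trace lines are constructed for the example, not captured from a real process; the set of syscall names and the umask handling are assumptions you should adapt to the target system.

```python
import re
import stat

# Constructed strace-style lines (not a real capture): syscall(args) = return.
# strace prints mode arguments in octal, exactly as the program passed them.
SAMPLE_TRACE = """\
mkdir("/home/alice", 0777) = 0
openat(AT_FDCWD, "/etc/app/app.conf", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
chmod("/opt/app/bin/agent", 0777) = 0
openat(AT_FDCWD, "/var/lib/app/secret.key", O_WRONLY|O_CREAT, 0600) = 4
mkdir("/var/lib/app/private", 0700) = 0
openat(AT_FDCWD, "/dev/shm/app-session", O_RDWR|O_CREAT, 0666) = 5
openat(AT_FDCWD, "/etc/passwd", O_RDONLY) = 6
"""

CALL_RE = re.compile(r'^(?P<name>\w+)\((?P<args>.*)\)\s*=\s*(?P<ret>-?\d+)')
PATH_RE = re.compile(r'"([^"]*)"')
# An octal literal of 3-4 digits with a leading 0, not glued to another token.
MODE_RE = re.compile(r'(?<![\w.])0[0-7]{3,4}(?![\w.])')

# Assumption: these are the calls whose mode argument matters; extend for your target.
CREATE_CALLS = {"open", "openat", "creat", "mkdir", "mkdirat", "mknod", "mknodat"}
CHMOD_CALLS = {"chmod", "fchmod", "fchmodat"}


def parse_call(line):
    """Return {name, path, mode, ret} for one trace line, or None if it is not a call."""
    m = CALL_RE.match(line)
    if not m:
        return None
    name, args = m.group("name"), m.group("args")
    paths = PATH_RE.findall(args)
    # Blank out quoted strings first so digits inside a path are never read as a mode.
    modes = MODE_RE.findall(PATH_RE.sub('""', args))
    return {
        "name": name,
        "path": paths[0] if paths else None,
        "mode": int(modes[-1], 8) if modes else None,
        "ret": int(m.group("ret")),
    }


def flag_world_writable(trace_text, umask=0):
    """List (syscall, path, effective_mode) for successful calls that leave
    the resource writable by 'other'. Creation calls are masked by umask;
    chmod-family calls apply the mode as given."""
    findings = []
    for line in trace_text.splitlines():
        call = parse_call(line)
        if not call or call["mode"] is None or call["ret"] < 0:
            continue
        if call["name"] in CHMOD_CALLS:
            effective = call["mode"]
        elif call["name"] in CREATE_CALLS:
            effective = call["mode"] & ~umask
        else:
            continue
        if effective & stat.S_IWOTH:
            findings.append((call["name"], call["path"], effective))
    return findings


if __name__ == "__main__":
    for name, path, mode in flag_world_writable(SAMPLE_TRACE, umask=0o022):
        print(f"{name:7} {oct(mode)} {path}")
```

Run it twice with different umask values to see why the umask matters: with umask 0 every 0777/0666 creation is flagged, with the common 022 only the chmod(0777) survives, because chmod is never masked.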
11
Example (PHP):

function createUserDir($username) {
    $path = '/home/' . $username;
    // The optional 'mode' argument was forgotten, so PHP uses its default of
    // 0777; the directory ends up world-writable unless the process umask
    // happens to strip the group/other write bits.
    if (!mkdir($path)) {
        return false;
    }
    return true;
}
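The same bug rendered in Python beside its hardened form, added here as an example (this is not code from the slides). It assumes a POSIX system where mode bits and umask apply; the function names and the alphanumeric user-name rule are assumptions for the example. The demo creates both directories under a temporary root and reports the resulting mode bits, so you can see that the insecure version's outcome depends entirely on the inherited umask while the hardened version is owner-only regardless.

```python
import os
import stat
import tempfile


def mode_of(path):
    """Permission bits of path (no type bits), e.g. 0o755."""
    return stat.S_IMODE(os.lstat(path).st_mode)


def create_user_dir_insecure(home_root, username):
    """Port of the PHP slide: mode omitted, so the OS default 0o777 applies,
    reduced only by whatever umask the process happened to inherit."""
    path = os.path.join(home_root, username)
    os.mkdir(path)  # mode defaults to 0o777
    return path


def create_user_dir(home_root, username):
    """Hardened: explicit owner-only mode at creation time, verified afterwards."""
    if not username.isalnum():  # assumption for the example: user names are alphanumeric
        raise ValueError("bad username")
    path = os.path.join(home_root, username)
    # Set the mode in the creation call itself; a later chmod() would leave a
    # window in which the directory is world-writable. umask can only clear
    # bits, never add them, so 0o700 cannot become wider.
    os.mkdir(path, 0o700)
    mode = mode_of(path)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        os.rmdir(path)
        raise PermissionError(f"{path} created with group/other bits {oct(mode)}")
    return path


def demo(umask):
    """Create one directory each way under the given umask and return their modes."""
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as root:
            insecure = create_user_dir_insecure(root, "alice")
            hardened = create_user_dir(root, "bob")
            return mode_of(insecure), mode_of(hardened)
    finally:
        os.umask(old)


if __name__ == "__main__":
    for um in (0o000, 0o022, 0o077):
        ins, hard = demo(um)
        print(f"umask {oct(um)}: default-mode dir {oct(ins)}, explicit-mode dir {oct(hard)}")
```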
12
Observed Examples
13
CVE: Anti-virus product sets insecure "Everyone: Full Control" permissions for files under the "Program Files" folder, allowing attackers to replace executables with Trojan horses.
CVE: Driver installs a file with world-writable permissions.
CVE: Security product uses "Everyone: Full Control" permissions for its configuration files.
CVE: LDAP server stores a cleartext password in a world-readable file.
CVE: Product uses "Everyone: Full Control" permissions for memory-mapped files (shared memory) in inter-process communication, allowing attackers to tamper with a session.
The complete list is available at
14
CVE: TrustPort Antivirus before and PC Security before use weak permissions (Everyone: Full Control) for files under %PROGRAMFILES%. This allows local attackers (unprivileged users) to gain privileges by replacing files (including the executable files of TrustPort services) with malicious files and so execute arbitrary code with SYSTEM privileges.
15
Potential Mitigations
Phase: Implementation. Check whether the resource has insecure permissions and report them.
Phase: Architecture and Design. Divide the software into several administrative areas (like a security lattice) and set the permissions accordingly.
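An added example (not from the slides) of the implementation-phase mitigation, "check whether the resource has insecure permissions and report them": an audit that walks a directory tree and reports world-writable entries, world-writable executables (the Trojan-horse case from the observed examples) and world-readable files whose names mark them as secrets (the cleartext-password case). The sample tree is constructed by the demo, and the list of sensitive file names is an assumption to replace with your own; sticky world-writable directories such as /tmp are deliberately not reported.

```python
import os
import stat
import tempfile

# Assumption for the example: files with these names hold secrets or security
# configuration and must not be readable by 'other'.
SENSITIVE_NAMES = {"secret.key", "app.conf", "ldap.conf", "shadow"}


def audit_permissions(root):
    """Return (kind, path, mode) findings for every entry below root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink bits are meaningless; the target is audited on its own
            mode = stat.S_IMODE(st.st_mode)
            is_dir = stat.S_ISDIR(st.st_mode)
            if mode & stat.S_IWOTH:
                if is_dir and mode & stat.S_ISVTX:
                    pass  # sticky directory: others may create but not replace files
                elif not is_dir and mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
                    findings.append(("world-writable-executable", full, mode))
                else:
                    findings.append(("world-writable", full, mode))
            if not is_dir and name in SENSITIVE_NAMES and mode & stat.S_IROTH:
                findings.append(("world-readable-secret", full, mode))
    return findings


def build_sample_tree(root):
    """Constructed layout mirroring the observed examples on the slides."""
    os.mkdir(os.path.join(root, "bin"), 0o755)
    os.mkdir(os.path.join(root, "etc"), 0o755)
    os.mkdir(os.path.join(root, "tmp"), 0o1777)  # sticky, like /tmp: not a finding
    agent = os.path.join(root, "bin", "agent")
    conf = os.path.join(root, "etc", "app.conf")
    key = os.path.join(root, "etc", "secret.key")
    for p in (agent, conf, key):
        with open(p, "w") as f:
            f.write("x")
    os.chmod(agent, 0o777)  # "Everyone: Full Control" on an executable
    os.chmod(conf, 0o666)   # world-writable configuration file
    os.chmod(key, 0o644)    # cleartext secret, world-readable
    os.chmod(os.path.join(root, "tmp"), 0o1777)  # set explicitly, independent of umask


def run_demo():
    """Build the sample tree in a temp dir and return its findings, root-relative and sorted."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return sorted((kind, os.path.relpath(path, root), mode)
                      for kind, path, mode in audit_permissions(root))


if __name__ == "__main__":
    for kind, path, mode in run_demo():
        print(f"{kind:26} {oct(mode)} {path}")
```

In a real deployment the check belongs in the installer or at service start-up, before the resource is used, so that a weak ACL left by packaging or by an operator is reported rather than silently relied upon.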
16
Potential Mitigations(II)
Run the code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system.
Tools, OS level: Unix chroot jail, AppArmor, SELinux. Language level: java.io.FilePermission (Java SecurityManager).
Caveat: a chroot alone is not a security boundary for a process running as root; combine it with dropping privileges, or use a mandatory access control system such as AppArmor or SELinux.
17
Potential Mitigations(III)
Phase: Operation / System Configuration. Ensure that the software runs properly under the Federal Desktop Core Configuration (FDCC) [R.732.4] or an equivalent hardening configuration guide, which many organizations use to limit the attack surface and potential risk of deployed software.
18
Case study: Bell–LaPadula model
The Simple Security Property (no read up): a subject may read an object only if the subject's security level dominates the object's.
The ★-property (read "star"-property, no write down): a subject may write an object only if the object's security level dominates the subject's.
The Discretionary Security Property: an access matrix specifies the discretionary access control, and an access is granted only if both the mandatory properties and the matrix allow it.
19
BLP - lattice
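An added worked example (not from the slides) of the BLP lattice: labels are (level, category set) pairs, dominance is the lattice order, the least upper bound is the highest level with the union of categories, and the three properties from the previous slide are checked over a constructed access matrix. The level names, categories, user and object names are all assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed total order on clearance levels (assumption for the example).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top-secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset

    def dominates(self, other):
        """Lattice order: self >= other iff its level is at least other's level
        AND its category set contains other's (the need-to-know dimension)."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def lub(a, b):
    """Least upper bound: highest level, union of categories."""
    level = max(a.level, b.level, key=LEVELS.__getitem__)
    return Label(level, a.categories | b.categories)


def can_read(subject, obj):
    """Simple Security Property: no read up."""
    return subject.dominates(obj)


def can_write(subject, obj):
    """*-property: no write down."""
    return obj.dominates(subject)


# Discretionary Security Property: the access matrix, keyed by
# (subject name, object name), lists the rights an owner chose to grant.
# Constructed sample data.
ACCESS_MATRIX = {
    ("alice", "plan.txt"): {"r", "w"},
    ("alice", "budget.txt"): {"r"},
}


def access_allowed(subject_name, subject_label, obj_name, obj_label, op):
    """BLP decision: the mandatory rule for op AND the discretionary matrix."""
    if op == "r":
        mac_ok = can_read(subject_label, obj_label)
    elif op == "w":
        mac_ok = can_write(subject_label, obj_label)
    else:
        raise ValueError(f"unknown operation {op!r}")
    dac_ok = op in ACCESS_MATRIX.get((subject_name, obj_name), set())
    return mac_ok and dac_ok


if __name__ == "__main__":
    alice = Label("secret", frozenset({"nuclear"}))
    plan = Label("confidential", frozenset({"nuclear"}))
    budget = Label("top-secret", frozenset())
    print("alice reads plan.txt:", access_allowed("alice", alice, "plan.txt", plan, "r"))
    print("alice writes plan.txt (write down):", access_allowed("alice", alice, "plan.txt", plan, "w"))
    print("alice reads budget.txt (read up):", access_allowed("alice", alice, "budget.txt", budget, "r"))
```

Note that labels with disjoint category sets are incomparable: neither dominates the other, so neither reading nor writing between them is permitted even when one level is higher.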
20
The End