Difference between revisions of "Failure to check whether privileges were dropped successfully"

From OWASP
Jump to: navigation, search
(Reverting to last version not containing links to www.textvargetc.com)
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
[http://s1.shard.jp/frhorton/7kqup4qnd.html poverty and hunger in africa] [http://s1.shard.jp/frhorton/hwct2dcpc.html african dancer] [http://s1.shard.jp/galeach/new123.html blasian girl ] [http://s1.shard.jp/galeach/new118.html asian stereotype ] [http://s1.shard.jp/olharder/1-44961stepsystemcom.html 45 auto colt pistol ] [http://s1.shard.jp/frhorton/7bbhgy4dh.html african american musician list ] [http://s1.shard.jp/olharder/autoroll-654.html http] [http://s1.shard.jp/losaul/epoxy-surfboards.html line map of australia ] [http://s1.shard.jp/olharder/autopsy-picture.html maxson automatic machinery ] [http://s1.shard.jp/losaul/australian-vets.html conversion of euros to australian dollars ] [http://s1.shard.jp/galeach/new136.html circuit city asia ] [http://s1.shard.jp/frhorton/a8agxerme.html african american difference made who ] [http://s1.shard.jp/bireba/disable-norton.html antivirus free software ] [http://s1.shard.jp/frhorton/17h5odjs2.html south african zulu culture ] [http://s1.shard.jp/olharder/autodesk-inventor.html aliens autopsy ] [http://s1.shard.jp/losaul/australia-bank-fee.html bonds australia underwear ] [http://s1.shard.jp/losaul/australia-cost.html australia in 1900s ] [http://s1.shard.jp/bireba/alerta-antiviruses.html adware antivirus free ] [http://s1.shard.jp/losaul/ash-australia.html sydney australia restaurants ] [http://s1.shard.jp/galeach/new141.html san jose massage asian ] [http://s1.shard.jp/bireba/notron-antivirus.html symantec antivirus could not communicate with the selected computer ] [http://s1.shard.jp/bireba/innoculate-antivirus.html mcafee antivirus free version ] [http://s1.shard.jp/olharder/stevens-creek.html automotive tools australia ] [http://s1.shard.jp/galeach/new7.html asian association diabetes ] [http://s1.shard.jp/olharder/autoroll-654.html link] [http://s1.shard.jp/losaul/digital-broadcasting.html australian robbie tour williams ] [http://s1.shard.jp/galeach/new25.html asia air fare ] [http://s1.shard.jp/bireba/sonicwall-complete.html antivirus 2004 free download ] [http://s1.shard.jp/frhorton/928f3x2wr.html african america american in obesity ] [http://s1.shard.jp/frhorton/ds9o5dtz4.html architects south africa ] [http://s1.shard.jp/olharder/automobile-computer.html suv auto accessory ] [http://s1.shard.jp/olharder/sunnyside-auto.html right look auto detailing ] [http://s1.shard.jp/losaul/australia-food-product.html australia chronic fatigue syndrome ] [http://s1.shard.jp/bireba/antivirus-windows.html review of antivirus programs ] [http://s1.shard.jp/bireba/mcaffe-antivirus.html symantec antivirus server 2003 ] [http://s1.shard.jp/frhorton/gicyohdlg.html african american history photo ] [http://s1.shard.jp/galeach/new5.html gasia ] [http://s1.shard.jp/galeach/new60.html asian openwork furniture ] [http://s1.shard.jp/bireba/norton-antivirus.html antivirus roundup ] [http://s1.shard.jp/bireba/top-antivirus.html antivirus for macintosh ] [http://s1.shard.jp/frhorton/mz6vv73zx.html gardenroute south africa ] [http://s1.shard.jp/olharder/ontegra-automotive.html autodata book ] [http://s1.shard.jp/losaul/real-estate-western.html where is sydney located in australia ] [http://s1.shard.jp/bireba/northon-antivirus.html norton antivirus download free trial ] [http://s1.shard.jp/olharder/autoroll-654.html http] [http://s1.shard.jp/losaul/australian-landrover.html share accommodation brisbane australia ] [http://s1.shard.jp/galeach/new130.html asian desires 2 ] 
 
http://www.textvargetc.com
 
 
{{Template:SecureSoftware}}
 
{{Template:SecureSoftware}}
 
{{Template:Vulnerability}}
 
{{Template:Vulnerability}}

Latest revision as of 13:30, 27 May 2009

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.


Last revision (mm/dd/yy): 05/27/2009

Vulnerabilities Table of Contents

Description

If one changes security privileges, one should ensure that the change was successful.

Consequences

  • Authorization: If privileges are not dropped, neither are access rights of the user. Often these rights can be prevented from being dropped.
  • Authentication: If privileges are not dropped, in some cases the system may record actions as the user which is being impersonated rather than the impersonator.

Exposure period

  • Implementation: Properly check all return values.

Platform

  • Language: C, C++, Java, or any language which can make system calls or has its own privilege system.
  • Operating platforms: UNIX, Windows NT, Windows 2000, Windows XP, or any platform which has access control or authentication.

Required resources

A process with changed privileges.

Severity

Very High

Likelihood of exploit

Medium

In Microsoft operating environments that have access control, impersonation is used so that access checks can be performed on a client identity by a server with higher privileges. By impersonating the client, the server is restricted to client-level security - although in different threads it may have much higher privileges.

Code which relies on this for security must ensure that the impersonation succeeded - i.e., that a proper privilege demotion happened.

Risk Factors

TBD

Examples

In C/C++

bool DoSecureStuff(HANDLE hPipe){ {
   bool fDataWritten = false;
   ImpersonateNamedPipeClient(hPipe);
   HANDLE hFile = CreateFile(...);
   /../ RevertToSelf()/../
}

Since we did not check the return value of ImpersonateNamedPipeClient, we do not know if the call succeeded.


Related Attacks


Related Vulnerabilities


Related Controls

  • Implementation: In Windows make sure that the process token has the SeImpersonatePrivilege(Microsoft Server 2003).
  • Implementation: Always check all of your return values.


Related Technical Impacts


References

TBD