Failure to check whether privileges were dropped successfully

Revision as of 07:11, 26 May 2009 by Deleted user


This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

Last revision (mm/dd/yy): 05/26/2009



If one changes security privileges, one should ensure that the change was successful.


  • Authorization: If privileges are not dropped, neither are the access rights of the user. Often these rights can be prevented from being dropped.
  • Authentication: If privileges are not dropped, in some cases the system may record actions as the user who is being impersonated rather than the impersonator.

Exposure period

  • Implementation: Properly check all return values.


  • Language: C, C++, Java, or any language which can make system calls or has its own privilege system.
  • Operating platforms: UNIX, Windows NT, Windows 2000, Windows XP, or any platform which has access control or authentication.

Required resources

A process with changed privileges.


Very High

Likelihood of exploit


In Microsoft operating environments that have access control, impersonation is used so that access checks can be performed on a client identity by a server with higher privileges. By impersonating the client, the server is restricted to client-level security - although in different threads it may have much higher privileges.

Code which relies on this for security must ensure that the impersonation succeeded - i.e., that a proper privilege demotion happened.

Risk Factors



In C/C++

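bool DoSecureStuff(HANDLE hPipe) {
   bool fDataWritten = false;
   ImpersonateNamedPipeClient(hPipe);   /* return value is not checked */
   HANDLE hFile = CreateFile(...);      /* arguments elided in the original */
   /* ... */ RevertToSelf(); /* ... */
   return fDataWritten;
}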

Since we did not check the return value of ImpersonateNamedPipeClient, we do not know if the call succeeded.
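A checked variant of the function above, as an added example that is not part of the original page: it refuses to do the work when impersonation fails and stops the process when the revert fails. DoSecureStuffChecked, client_work_fn, SampleWork, SimulateRequest and the sim_* stand-ins are hypothetical names introduced here; aborting on a failed RevertToSelf is this example's choice.

```c
#include <stdbool.h>
#include <stdlib.h>
#ifdef _WIN32
#include <windows.h>
#else
/* Constructed stand-ins (not the Win32 API) so the control flow runs off Windows. */
typedef void *HANDLE;
typedef int BOOL;
static BOOL sim_impersonate_ok = 1;  /* set to 0 to simulate a failed call */
static int sim_client_context = 0;   /* 1 while the thread "is" the client */
static BOOL ImpersonateNamedPipeClient(HANDLE h) {
    (void)h;
    sim_client_context = sim_impersonate_ok;
    return sim_impersonate_ok;
}
static BOOL RevertToSelf(void) { sim_client_context = 0; return 1; }
#endif

/* Hypothetical callback: the work that must only run as the client. */
typedef bool (*client_work_fn)(HANDLE hPipe);

/* Returns true only if the work ran under the client's identity and succeeded. */
bool DoSecureStuffChecked(HANDLE hPipe, client_work_fn work)
{
    bool fDataWritten = false;

    /* Fail closed: after a failed call the thread still holds the server's
       token, so the work must not run at all. */
    if (!ImpersonateNamedPipeClient(hPipe))
        return false;
    fDataWritten = work(hPipe);
    /* A failed revert leaves the thread in the client's context; stop
       instead of continuing under an unknown identity. */
    if (!RevertToSelf())
        abort();
    return fDataWritten;
}

#ifndef _WIN32
/* Constructed driver: counts runs of the work that happened as the client. */
static int work_calls;
static bool SampleWork(HANDLE h) { (void)h; work_calls += sim_client_context; return true; }
int SimulateRequest(BOOL impersonate_ok) {
    sim_impersonate_ok = impersonate_ok;
    work_calls = 0;
    return DoSecureStuffChecked(NULL, SampleWork) ? work_calls : -1;
}
int main(void) { return (SimulateRequest(1) == 1 && SimulateRequest(0) == -1) ? 0 : 1; }
#endif
```

On Windows the block compiles against the real calls from windows.h; the simulated driver is only built elsewhere.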

Related Attacks

Related Vulnerabilities

Related Controls

  • Implementation: In Windows, make sure that the process token has the SeImpersonatePrivilege (Microsoft Server 2003).
  • Implementation: Always check all of your return values.

Related Technical Impacts