CWE-426 Details

CWE-426

Untrusted Search Path
Hoch
Stable
2006-07-19
00h00 +00:00
2025-12-11
00h00 +00:00
CWE Mitre.org
Benachrichtigungen für ein CWE
Bleiben Sie über alle Änderungen zu einem bestimmten CWE informiert.
Benachrichtigungen verwalten

Name: Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

Allgemeine Informationen

Einführungsmodi

Implementation

Anwendbare Plattformen

Sprache

Class: Not Language-Specific (Undetermined)

Betriebssysteme

Class: Not OS-Specific (Undetermined)

Häufige Konsequenzen

Bereich Auswirkung Wahrscheinlichkeit
Integrity
Confidentiality
Availability
Access Control		Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands

Note: There is the potential for arbitrary code execution with privileges of the vulnerable program.
AvailabilityDoS: Crash, Exit, or Restart

Note: The program could be redirected to the wrong files, potentially triggering a crash or hang when the targeted file is too large or does not have the expected format.
ConfidentialityRead Files or Directories

Note: The program could send the output of unauthorized files to the attacker.

Beobachtete Beispiele

Referenzen Beschreibung

CVE-1999-1120

Application relies on its PATH environment variable to find and execute program.

CVE-2008-1810

Database application relies on its PATH environment variable to find and execute program.

CVE-2007-2027

Chain: untrusted search path enabling resultant format string by loading malicious internationalization messages.

CVE-2008-3485

Untrusted search path using malicious .EXE in Windows environment.

CVE-2008-2613

setuid program allows compromise using path that finds and loads a malicious library.

CVE-2008-1319

Server allows client to specify the search path, which can be modified to point to a program that the client has uploaded.

Mögliche Gegenmaßnahmen

Phases : Architecture and Design // Implementation
Hard-code the search path to a set of known-safe values (such as system directories), or only allow them to be specified by the administrator in a configuration file. Do not allow these settings to be modified by an external party. Be careful to avoid related weaknesses such as CWE-426 and CWE-428.
Phases : Implementation
When invoking other programs, specify those programs using fully-qualified pathnames. While this is an effective approach, code that uses fully-qualified pathnames might not be portable to other systems that do not use the same pathnames. The portability can be improved by locating the full-qualified paths in a centralized, easily-modifiable location within the source code, and having the code refer to these paths.
Phases : Implementation
Remove or restrict all environment settings before invoking other programs. This includes the PATH environment variable, LD_LIBRARY_PATH, and other settings that identify the location of code libraries, and any application-specific search paths.
Phases : Implementation
Check your search path before use and remove any elements that are likely to be unsafe, such as the current working directory or a temporary files directory.
Phases : Implementation
Use other functions that require explicit paths. Making use of any of the other readily available functions that require explicit paths is a safe way to avoid this problem. For example, system() in C does not require a full path since the shell can take care of it, while execl() and execv() require a full path.

Erkennungsmethoden

Black Box

Automated Static Analysis

Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
Wirksamkeit : High

Manual Analysis

Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules.

Hinweise zur Schwachstellen-Zuordnung

Begründung : This CWE entry is often confused with another closely-related entry about search paths.
Kommentar : CWE-426 and CWE-427 are often misused because they both mention search paths, although CWE-426 is focused on attacker control of the search path itself, while CWE-427 applies when the attacker cannot modify the search path but can write to one of the locations specified in the search path. Also, this entry is classified in a part of CWE's hierarchy that does not have sufficiently low-level coverage, which might reflect a lack of classification-oriented weakness research in the software security community. Conduct careful root cause analysis to determine the original mistake that led to this weakness. If closer analysis reveals that this weakness is appropriate, then this might be the best available CWE to use for mapping. If no other option is available, then it is acceptable to map to this CWE.

Verwandte Angriffsmuster

CAPEC-ID Name des Angriffsmusters
CAPEC-38 Leveraging/Manipulating Configuration File Search Paths
This pattern of attack sees an adversary load a malicious resource into a program's standard path so that when a known command is executed then the system instead executes the malicious component. The adversary can either modify the search path a program uses, like a PATH variable or classpath, or they can manipulate resources on the path to point to their malicious components. J2EE applications and other component based applications that are built from multiple binaries can have very long list of dependencies to execute. If one of these libraries and/or references is controllable by the attacker then application controls can be circumvented by the attacker.

Referenzen

REF-18

The CLASP Application Security Process
Secure Software, Inc..
https://cwe.mitre.org/documents/sources/TheCLASPApplicationSecurityProcess.pdf

REF-62

The Art of Software Security Assessment
Mark Dowd, John McDonald, Justin Schuh.

REF-176

Writing Secure Code
Michael Howard, David LeBlanc.

REF-207

Building Secure Software: How to Avoid Security Problems the Right Way
John Viega, Gary McGraw.

REF-7

Writing Secure Code
Michael Howard, David LeBlanc.
https://www.microsoftpressstore.com/store/writing-secure-code-9780735617223

Einreichung

Name Organisation Datum Veröffentlichungsdatum Version
PLOVER 2006-07-19 +00:00 2006-07-19 +00:00 Draft 3

Änderungen

Name Organisation Datum Kommentar
Eric Dalci Cigital 2008-07-01 +00:00 updated Time_of_Introduction
CWE Content Team MITRE 2008-09-08 +00:00 updated Common_Consequences, Relationships, Taxonomy_Mappings
CWE Content Team MITRE 2008-11-24 +00:00 updated Relationships, Taxonomy_Mappings
CWE Content Team MITRE 2009-01-12 +00:00 updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Observed_Examples, Potential_Mitigations, Relationships, Time_of_Introduction
CWE Content Team MITRE 2009-03-10 +00:00 updated Demonstrative_Examples, Potential_Mitigations
CWE Content Team MITRE 2009-12-28 +00:00 updated References
CWE Content Team MITRE 2010-02-16 +00:00 updated References, Relationships
CWE Content Team MITRE 2010-04-05 +00:00 updated Applicable_Platforms
CWE Content Team MITRE 2010-06-21 +00:00 updated Detection_Factors, Potential_Mitigations
CWE Content Team MITRE 2010-09-27 +00:00 updated Description, Relationships
CWE Content Team MITRE 2011-03-29 +00:00 updated Demonstrative_Examples
CWE Content Team MITRE 2011-06-01 +00:00 updated Common_Consequences
CWE Content Team MITRE 2011-09-13 +00:00 updated Relationships, Taxonomy_Mappings
CWE Content Team MITRE 2012-05-11 +00:00 updated Demonstrative_Examples, References
CWE Content Team MITRE 2014-02-18 +00:00 updated Demonstrative_Examples, Detection_Factors, Potential_Mitigations
CWE Content Team MITRE 2015-12-07 +00:00 updated Relationships
CWE Content Team MITRE 2017-11-08 +00:00 updated Demonstrative_Examples, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings
CWE Content Team MITRE 2018-03-27 +00:00 updated Demonstrative_Examples, References, Relationships, Type
CWE Content Team MITRE 2019-01-03 +00:00 updated Related_Attack_Patterns
CWE Content Team MITRE 2019-06-20 +00:00 updated Related_Attack_Patterns, Relationships
CWE Content Team MITRE 2019-09-19 +00:00 updated Relationships
CWE Content Team MITRE 2020-02-24 +00:00 updated References, Relationships
CWE Content Team MITRE 2021-03-15 +00:00 updated Demonstrative_Examples
CWE Content Team MITRE 2021-10-28 +00:00 updated Relationships
CWE Content Team MITRE 2022-04-28 +00:00 updated Research_Gaps
CWE Content Team MITRE 2023-01-31 +00:00 updated Description
CWE Content Team MITRE 2023-04-27 +00:00 updated Detection_Factors, Relationships, Time_of_Introduction
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2024-07-16 +00:00 updated Demonstrative_Examples
CWE Content Team MITRE 2025-04-03 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2025-12-11 +00:00 updated Relationships, Weakness_Ordinalities
Die auf CVE Find präsentierten Informationen stammen aus mehreren sorgfältig ausgewählten Referenzquellen. CVE-Daten werden von der MITRE Corporation und der National Vulnerability Database (NVD) bereitgestellt. Der Katalog bekannter ausgenutzter Schwachstellen (KEV) stammt von der Cybersecurity and Infrastructure Security Agency (CISA), während EPSS-Scores von FIRST.org kommen. Darüber hinaus werden Daten zu Software-Schwachstellen (CWE) und häufigen Angriffsmustern (CAPEC) von der MITRE Corporation gepflegt, und Informationen zu Hardware- und Software-Konfigurationen (CPE) werden von der NVD bereitgestellt.