CAPEC-26

Leveraging Race Conditions
Likelihood of Attack: High
Typical Severity: High
Status: Stable
Created: 2014-06-23 00:00 +00:00
Last modified: 2022-09-29 00:00 +00:00


Description

The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with their version and cause the system to read the malicious file.


Execution Flow

1) Explore

The adversary explores to gauge what level of access they have.

2) Experiment

The adversary gains access to a resource on the target host and confirms they can modify it. They identify a resource whose value is read by another process to decide its next action (for example, a file that is checked and then opened by name), so that changing the resource at the right moment changes the execution flow.

3) Exploit

The resource is checked and then used by one process while another process can modify it in between. From the process the adversary controls, they modify the value in the window after it has been checked and just before it is consumed by the victim process. The race condition is won, and the victim acts on the adversary's value instead of the one it validated.

Prerequisites

A resource is accessed/modified concurrently by multiple processes such that a race condition exists.
The adversary has the ability to modify the resource.

Skills Required

Being able to "run the race" requires basic knowledge of concurrent processing, including synchronization techniques and how wide the timing window between a check and a use typically is.

Mitigations

Use safe libraries to access resources such as files, so that the check and the use are bound to the same object rather than to a name that can be re-bound in between.
Be aware that improper use of path-based calls such as chown(), chmod(), and predictable temporary-file creation (tempfile()) can cause a race condition: the name they operate on may point at a different object by the time the call runs. Prefer descriptor-based equivalents (fchown(), fchmod(), fstat()) and mkstemp()-style creation with O_EXCL.
Use synchronization (locks, atomic operations) to control the flow of execution so that a check-and-act sequence cannot be interleaved with another writer.
Use static analysis tools to find race conditions.
Pay attention to concurrency problems related to the access of resources.
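The following is an added example, not part of the CAPEC entry, that runs the Execution Flow above end to end against a file and then applies the mitigations: a privileged reader that checks a path with access() and then open()s it by name, beside a hardened reader that opens first with O_NOFOLLOW and validates the already-open descriptor with fstat(). The scenario, file names and the `race_hook` callback are constructed for the demonstration; the hook stands in for the adversary's concurrently running process so the race is won deterministically instead of by timing. It requires a POSIX system.

```python
"""Added example (not from CAPEC/MITRE): a check-then-use file race and its fix.

Constructed scenario: a service reads a user-supplied path only if access()
says it is readable. Between the check and the open, the adversary swaps the
path for a symlink to a secret file. The swap is triggered by `race_hook`, a
hypothetical stand-in for the adversary's process winning the race.
"""
import os
import shutil
import stat
import tempfile


def vulnerable_read(path, race_hook=None):
    """Check by name, then open by name: the classic TOCTOU window."""
    if not os.access(path, os.R_OK):           # check (resolves the name once)
        return None
    if race_hook is not None:
        race_hook()                             # adversary re-binds the name here
    with open(path, "rb") as fh:               # use (resolves the name again)
        return fh.read()


def hardened_read(path, expected_uid, race_hook=None):
    """Open first without following symlinks, then decide on the open fd.

    All later checks use fstat() on the descriptor, so a swap after open()
    changes nothing: the fd still refers to the inode that was validated.
    """
    flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC
    try:
        fd = os.open(path, flags)
    except OSError:                             # ELOOP: final component is a symlink
        return None
    try:
        if race_hook is not None:
            race_hook()                         # too late: fd is already bound
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode) or st.st_uid != expected_uid:
            return None                         # wrong object or wrong owner
        return os.read(fd, st.st_size)
    finally:
        os.close(fd)


def run_demo():
    """Builds the constructed scenario in a scratch directory and runs both readers."""
    root = tempfile.mkdtemp(prefix="capec26-")  # private 0700 directory
    secret = os.path.join(root, "secret")       # what the adversary wants read
    target = os.path.join(root, "user-file")    # the path the adversary controls
    with open(secret, "wb") as fh:
        fh.write(b"SECRET\n")

    def fresh_target():
        # Reset the target to a harmless regular file between runs.
        if os.path.lexists(target):
            os.unlink(target)
        with open(target, "wb") as fh:
            fh.write(b"harmless\n")

    def swap():
        # Adversary replaces the checked path with a symlink to the secret.
        # rename() is atomic, so the path never appears missing to the victim.
        link = os.path.join(root, "link")
        os.symlink(secret, link)
        os.replace(link, target)

    me = os.getuid()
    results = {}
    try:
        fresh_target()
        results["vulnerable_raced"] = vulnerable_read(target, race_hook=swap)
        fresh_target()
        results["hardened_raced"] = hardened_read(target, me, race_hook=swap)
        fresh_target()
        swap()                                  # symlink planted before the open
        results["hardened_symlink"] = hardened_read(target, me)
        results["vulnerable_symlink"] = vulnerable_read(target)
    finally:
        shutil.rmtree(root)
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name:20s} -> {value!r}")
```

The vulnerable reader leaks the secret whether the symlink is planted before the check or swapped in after it; the hardened reader refuses the symlink outright and, when the swap lands after open(), still returns the contents it validated. Note that O_NOFOLLOW only covers the final path component: if the adversary can also write to a parent directory, open the directory first and use openat() relative to that descriptor, or keep the directory out of the adversary's control.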

Related Weaknesses

CWE-ID Weakness Name
CWE-368 Context Switching Race Condition
A product performs a series of non-atomic actions to switch between contexts that cross privilege or other security boundaries, but a race condition allows an attacker to modify or misrepresent the product's behavior during the switch.
CWE-363 Race Condition Enabling Link Following
The product checks the status of a file or directory before accessing it, which produces a race condition in which the file can be replaced with a link before the access is performed, causing the product to access the wrong file.
CWE-366 Race Condition within a Thread
If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.
CWE-370 Missing Check for Certificate Revocation after Initial Check
The product does not check the revocation status of a certificate after its initial revocation check, which can cause the product to perform privileged actions even after the certificate is revoked at a later time.
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
CWE-662 Improper Synchronization
The product utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.
CWE-689 Permission Race Condition During Resource Copy
The product, while copying or cloning a resource, does not set the resource's permissions or access control until the copy is complete, leaving the resource exposed to other spheres while the copy is taking place.
CWE-667 Improper Locking
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
CWE-665 Improper Initialization
The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
CWE-1223 Race Condition for Write-Once Attributes
A write-once register in hardware design is programmable by an untrusted software component earlier than the trusted software component, resulting in a race condition issue.
CWE-1254 Incorrect Comparison Logic Granularity
The product's comparison logic is performed over a series of steps rather than across the entire string in one operation. If there is a comparison logic failure on one of these steps, the operation may be vulnerable to a timing attack that can result in the interception of the process for nefarious purposes.
CWE-1298 Hardware Logic Contains Race Conditions
A race condition in the hardware logic results in undermining security guarantees of the system.

References

REF-1

Exploiting Software: How to Break Code
G. Hoglund, G. McGraw.

REF-105

Wikipedia
http://en.wikipedia.org/wiki/Race_condition

REF-106

Secure programmer: Prevent race conditions
David Wheeler.
http://www.ibm.com/developerworks/linux/library/l-sprace/index.html

REF-107

SAMATE - Software Assurance Metrics And Tool Evaluation
Fortify Software.
http://samate.nist.gov/SRD/view_testcase.php?tID=1598

Submission

Name Organization Date Date Release
CAPEC Content Team The MITRE Corporation 2014-06-23 +00:00

Modifications

Name Organization Date Comment
CAPEC Content Team The MITRE Corporation 2017-01-09 +00:00 Updated Related_Attack_Patterns, Type (Relationship -> Attack_Pattern)
CAPEC Content Team The MITRE Corporation 2017-05-01 +00:00 Updated Activation_Zone, Attack_Phases, Attack_Prerequisites, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact
CAPEC Content Team The MITRE Corporation 2018-07-31 +00:00 Updated Attacker_Skills_or_Knowledge_Required, Examples-Instances, References, Solutions_and_Mitigations
CAPEC Content Team The MITRE Corporation 2020-07-30 +00:00 Updated Description, Example_Instances, Execution_Flow, Related_Weaknesses
CAPEC Content Team The MITRE Corporation 2021-06-24 +00:00 Updated Related_Weaknesses
CAPEC Content Team The MITRE Corporation 2022-09-29 +00:00 Updated Example_Instances