Modes Of Introduction
Architecture and Design
Implementation: REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Operation
Applicable Platforms
Language
Class: Not Language-Specific (Undetermined)
Common Consequences
Scope | Impact | Likelihood
Access Control | Gain Privileges or Assume Identity |
Observed Examples
Reference | Description
CVE-2001-1555 | Terminal privileges are not reset when a user logs out.
CVE-2001-1514 | Does not properly pass security context to child processes in certain cases, allows privilege escalation.
CVE-2001-0128 | Does not properly compute roles.
CVE-1999-1193 | Untrusted user placed in Unix "wheel" group.
CVE-2005-2741 | Product allows users to grant themselves certain rights that can be used to escalate privileges.
CVE-2005-2496 | Product uses group ID of a user instead of the group, causing it to run with different privileges. This is resultant from some other unknown issue.
CVE-2004-0274 | Product mistakenly assigns a particular status to an entity, leading to increased privileges.
CVE-2007-4217 | FTP client program on a certain OS runs with setuid privileges and has a buffer overflow. Most clients do not need extra privileges, so an overflow is not a vulnerability for those clients.
CVE-2007-5159 | OS incorrectly installs a program with setuid privileges, allowing users to gain privileges.
CVE-2008-4638 | Composite: application running with high privileges (CWE-250) allows user to specify a restricted file to process, which generates a parsing error that leaks the contents of the file (CWE-209).
CVE-2007-3931 | Installation script installs some programs as setuid when they shouldn't be.
CVE-2002-1981 | Roles have access to dangerous procedures (Accessible entities).
CVE-2002-1671 | Untrusted object/method gets access to clipboard (Accessible entities).
CVE-2000-0315 | Traceroute program allows unprivileged users to modify source address of packet (Accessible entities).
CVE-2000-0506 | User with capability can prevent setuid program from dropping privileges (Unsafe privileged actions).
Potential Mitigations
Phases: Architecture and Design; Operation
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Phases: Architecture and Design
Follow the principle of least privilege when assigning access rights to entities in a software system.
Phases: Architecture and Design
Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
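The privilege-handling and least-privilege mitigations above, as an added example that is not part of the CWE entry: a POSIX C routine that drops a setuid-root program's privileges with every call checked, then verifies that the drop cannot be undone (the failure mode behind observed example CVE-2000-0506). The function names drop_privileges and privileges_dropped are my own; the code assumes glibc or another POSIX libc that provides setgroups().

```c
#define _DEFAULT_SOURCE   /* needed for setgroups() under strict glibc feature macros */
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

/* Permanently drop to uid/gid. Returns 0 on success, -1 on failure.
 * Every call is checked: a failed, unchecked setuid() leaves the process
 * running with its original privileges, which is exactly CWE-269.
 * Order matters: supplementary groups and gid are changed while the
 * process still has euid 0, because those calls need that privilege. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;             /* clear inherited supplementary groups */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)      /* with euid 0 this sets real, effective and saved uid */
        return -1;
    return 0;
}

/* Verify the drop is complete and irreversible. Returns 1 if so, else 0.
 * A program that only lowered its effective uid with seteuid() would pass a
 * naive geteuid() check yet could call setuid(0) again, so probe that too. */
int privileges_dropped(uid_t uid, gid_t gid) {
    if (getuid() != uid || geteuid() != uid)
        return 0;
    if (getgid() != gid || getegid() != gid)
        return 0;
    if (uid != 0 && setuid(0) == 0)
        return 0;              /* regained root: saved uid was never cleared */
    return 1;
}

int main(void) {
    /* A setuid-root helper would do its privileged work first, then drop to the
     * invoking user (getuid()) before handling untrusted input. Run as an
     * ordinary user, this simply re-asserts the current ids. */
    uid_t target_uid = getuid();
    gid_t target_gid = getgid();
    if (drop_privileges(target_uid, target_gid) != 0) {
        perror("drop_privileges");
        return 1;
    }
    if (!privileges_dropped(target_uid, target_gid)) {
        fprintf(stderr, "privileges not fully dropped, refusing to continue\n");
        return 1;
    }
    printf("running as uid %d gid %d\n", (int)geteuid(), (int)getegid());
    return 0;
}
```

The two functions are deliberately separate so that the verification step can also be run at startup by a program that expects to have been launched without privileges, catching the installation errors in CVE-2007-5159 and CVE-2007-3931.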
Detection Methods
Automated Static Analysis
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
Effectiveness: High
Vulnerability Mapping Notes
Rationale: CWE-269 is commonly misused. It can be conflated with "privilege escalation," which is a technical impact that is listed in many low-information vulnerability reports [REF-1287]. It is not useful for trend analysis.
Comments: If an error or mistake allows privilege escalation, then use the CWE ID for that mistake. Avoid using CWE-269 when only phrases such as "privilege escalation" or "gain privileges" are available, as these indicate technical impact of the vulnerability, not the root cause weakness. If the root cause seems to be directly related to privileges, then examine the children of CWE-269 for additional hints, such as Execution with Unnecessary Privileges (CWE-250) or Incorrect Privilege Assignment (CWE-266).
Related Attack Patterns
CAPEC-ID | Attack Pattern Name | Description
CAPEC-122 | Privilege Abuse | An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.
CAPEC-233 | Privilege Escalation | An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
CAPEC-58 | Restful Privilege Elevation | An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.
Notes
The relationships between privileges, permissions, and actors (e.g. users and groups) need further refinement within the Research view. One complication is that these concepts apply to two different pillars, related to control of resources (CWE-664) and protection mechanism failures (CWE-693).
References
REF-44: Michael Howard, David LeBlanc, John Viega. "24 Deadly Sins of Software Security".
REF-62: Mark Dowd, John McDonald, Justin Schuh. "The Art of Software Security Assessment".
REF-1287: MITRE. "Supplemental Details - 2022 CWE Top 25". https://cwe.mitre.org/top25/archive/2022/2022_cwe_top25_supplemental.html#problematicMappingDetails
Submission
Name | Organization | Date | Date Release | Version
PLOVER | | 2006-07-19 +00:00 | 2006-07-19 +00:00 | Draft 3
Modifications
Name | Organization | Date | Comment
Eric Dalci | Cigital | 2008-07-01 +00:00 | updated Time_of_Introduction
| CWE Team | 2008-09-08 +00:00 | Moved this entry higher up in the Research view.
CWE Content Team | MITRE | 2008-09-08 +00:00 | updated Description, Maintenance_Notes, Name, Relationships, Taxonomy_Mappings, Weakness_Ordinalities
CWE Content Team | MITRE | 2009-05-27 +00:00 | updated Name
CWE Content Team | MITRE | 2009-12-28 +00:00 | updated Potential_Mitigations
CWE Content Team | MITRE | 2010-06-21 +00:00 | updated Potential_Mitigations
CWE Content Team | MITRE | 2011-03-29 +00:00 | updated Description, Relationships
CWE Content Team | MITRE | 2011-06-01 +00:00 | updated Common_Consequences
CWE Content Team | MITRE | 2012-05-11 +00:00 | updated References, Relationships
CWE Content Team | MITRE | 2012-10-30 +00:00 | updated Potential_Mitigations
CWE Content Team | MITRE | 2013-02-21 +00:00 | updated Potential_Mitigations
CWE Content Team | MITRE | 2017-11-08 +00:00 | updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, Relationships, Type
CWE Content Team | MITRE | 2019-06-20 +00:00 | updated Related_Attack_Patterns, Relationships
CWE Content Team | MITRE | 2019-09-19 +00:00 | updated Demonstrative_Examples, Maintenance_Notes, Observed_Examples, Relationships
CWE Content Team | MITRE | 2020-02-24 +00:00 | updated Observed_Examples, Relationships
CWE Content Team | MITRE | 2020-08-20 +00:00 | updated Relationships
CWE Content Team | MITRE | 2021-03-15 +00:00 | updated Demonstrative_Examples
CWE Content Team | MITRE | 2021-10-28 +00:00 | updated Relationships
CWE Content Team | MITRE | 2022-04-28 +00:00 | updated Relationships
CWE Content Team | MITRE | 2022-10-13 +00:00 | updated References
CWE Content Team | MITRE | 2023-01-31 +00:00 | updated Description
CWE Content Team | MITRE | 2023-04-27 +00:00 | updated Detection_Factors, Relationships
CWE Content Team | MITRE | 2023-06-29 +00:00 | updated Mapping_Notes, Relationships, Taxonomy_Mappings
CWE Content Team | MITRE | 2024-07-16 +00:00 | updated Diagram
CWE Content Team | MITRE | 2024-11-19 +00:00 | updated Relationships