Scope | Impact | Likelihood |
---|---|---|
Integrity, Other | Alter Execution Logic, Unexpected State. Note: The attacker can gain access to otherwise unauthorized resources. | |
Integrity, Other | Modify Application Data, Modify Files or Directories, Modify Memory, Other. Note: Race conditions of this kind may be employed to gain read or write access to resources which are not normally readable or writable by the user in question. | |
Integrity, Other | Other. Note: The resource in question, or other resources (through the corrupted one), may be changed in undesirable ways by a malicious user. | |
Non-Repudiation | Hide Activities. Note: If a file or other resource is written in this manner, as opposed to in a valid way, logging of the activity may not occur. | |
Non-Repudiation, Other | Other. Note: In some cases it may be possible to delete files a malicious user might not otherwise have access to, such as log files. | |

Reference | Description |
---|---|
TOCTOU in sandbox process allows installation of untrusted browser add-ons by replacing a file after it has been verified, but before it is executed | |
A multi-threaded race condition allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed. | |
PHP flaw allows remote attackers to execute arbitrary code by aborting execution before the initialization of key data structures is complete. | |
chain: time-of-check time-of-use (TOCTOU) race condition in program allows bypass of protection mechanism that was designed to prevent symlink attacks. | |
chain: time-of-check time-of-use (TOCTOU) race condition in program allows bypass of protection mechanism that was designed to prevent symlink attacks. |

CAPEC-ID | Attack Pattern Name |
---|---|
CAPEC-27 | Leveraging Race Conditions via Symbolic Links: This attack leverages symbolic links (symlinks) in order to write to sensitive files. An attacker can create a symlink to a target file not otherwise accessible to them. When the privileged program tries to create a temporary file with the same name as the symlink, it will actually write to the target file pointed to by the attacker's symlink. If the attacker can insert malicious content into the temporary file, they will be writing to the sensitive file by way of the symlink. The race occurs because the system checks if the temporary file exists, then creates the file. The attacker would typically create the symlink during the interval between the check and the creation of the temporary file. |
CAPEC-29 | Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions: This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly. |
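
The check-then-create window described for CAPEC-27 and CAPEC-29, shown as an added C example that is not part of the CWE entry. The function names, the scratch paths and the `plant_symlink` hook are hypothetical; the hook simulates the state change deterministically inside a private temporary directory.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

static char target[64], tmpname[64];  /* constructed paths in a scratch dir */
/* Constructed hook: stands in for another process changing state mid-race. */
static void plant_symlink(const char *path) {
    if (symlink(target, path) != 0) perror("symlink");
}

/* Flawed: the existence check and the create are two separate system calls. */
int create_check_then_open(const char *path, void (*window)(const char *)) {
    struct stat st;
    if (lstat(path, &st) == 0) return -1;                   /* time of check */
    if (window) window(path);                               /* state can change */
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);  /* time of use */
}

/* Hardened: O_EXCL makes "must not exist" and "create" one atomic step and
 * fails with EEXIST when the name is a symlink, even a dangling one. */
int create_atomic(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Returns the 4-byte protected file's size after one routine ran (-1: setup). */
long run_case(int use_atomic) {
    char dir[] = "/tmp/toctou-demo-XXXXXX";
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/protected", dir);
    snprintf(tmpname, sizeof tmpname, "%s/work.tmp", dir);
    FILE *f = fopen(target, "w");
    if (!f || fputs("keep", f) < 0 || fclose(f) != 0) return -1;
    if (use_atomic) plant_symlink(tmpname);  /* worst case: link already there */
    int fd = use_atomic ? create_atomic(tmpname)
                        : create_check_then_open(tmpname, plant_symlink);
    if (fd >= 0) close(fd);
    long size = (stat(target, &st) == 0) ? (long)st.st_size : -1;
    unlink(tmpname); unlink(target); rmdir(dir);
    return size;
}

int main(void) {
    printf("racy: %ld bytes left, atomic: %ld\n", run_case(0), run_case(1));
    return 0;
}
```

The check-then-open routine truncates the protected file through the link, while the `O_EXCL` create refuses the name and leaves the file intact.
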
Name | Organization | Date | Date Release | Version |
---|---|---|---|---|
PLOVER | | | | Draft 3 |

Name | Organization | Date | Comment |
---|---|---|---|
Eric Dalci | Cigital | | updated Time_of_Introduction |
| | KDM Analytics | | added/updated white box definitions |
CWE Content Team | MITRE | | updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings |
CWE Content Team | MITRE | | updated Description, Name, Relationships |
CWE Content Team | MITRE | | updated Relationships, Taxonomy_Mappings |
CWE Content Team | MITRE | | updated Alternate_Terms, Observed_Examples, Other_Notes, References, Relationship_Notes, Relationships, Research_Gaps |
CWE Content Team | MITRE | | updated Demonstrative_Examples |
| | KDM Analytics | | Improved the White_Box_Definition |
CWE Content Team | MITRE | | updated White_Box_Definitions |
CWE Content Team | MITRE | | updated Description, Relationships |
CWE Content Team | MITRE | | updated Alternate_Terms, Relationships |
CWE Content Team | MITRE | | updated Common_Consequences |
CWE Content Team | MITRE | | updated Common_Consequences |
CWE Content Team | MITRE | | updated Relationships, Taxonomy_Mappings |
CWE Content Team | MITRE | | updated Demonstrative_Examples, Observed_Examples, References, Relationships |
CWE Content Team | MITRE | | updated Potential_Mitigations |
CWE Content Team | MITRE | | updated Demonstrative_Examples, Relationships, Taxonomy_Mappings |
CWE Content Team | MITRE | | updated Applicable_Platforms, Demonstrative_Examples, Likelihood_of_Exploit, References, Relationships, Taxonomy_Mappings, White_Box_Definitions |
CWE Content Team | MITRE | | updated Relationships |
CWE Content Team | MITRE | | updated References, Relationships |
CWE Content Team | MITRE | | updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings |
CWE Content Team | MITRE | | updated Observed_Examples |
CWE Content Team | MITRE | | updated Description |
CWE Content Team | MITRE | | updated Detection_Factors, References, Relationships |
CWE Content Team | MITRE | | updated Mapping_Notes |