CWE-270 Detalhe

CWE-270

Privilege Context Switching Error
Draft
2006-07-19
00h00 +00:00
2025-12-11
00h00 +00:00
CWE Mitre.org
Notificações para um CWE
Fique informado sobre quaisquer alterações para um CWE específico.
Gerenciar notificações

Nome: Privilege Context Switching Error

The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.

Informações Gerais

Modos de Introdução

Architecture and Design
Implementation : REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Operation

Plataformas Aplicáveis

Linguagem

Class: Not Language-Specific (Undetermined)

Tecnologias

Class: Not Technology-Specific (Undetermined)

Consequências Comuns

Escopo Impacto Probabilidade
Access ControlGain Privileges or Assume Identity

Note: A user can assume the identity of another user with separate privileges in another context. This will give the user unauthorized access that may allow them to acquire the access information of other users.

Exemplos Observados

Referências Descrição

CVE-2002-1688

Web browser cross domain problem when user hits "back" button.

CVE-2003-1026

Web browser cross domain problem when user hits "back" button.

CVE-2002-1770

Cross-domain issue - third party product passes code to web browser, which executes it in unsafe zone.

CVE-2005-2263

Run callback in different security context after it has been changed from untrusted to trusted. * note that "context switch before actions are completed" is one type of problem that happens frequently, espec. in browsers.

Mitigações Potenciais

Phases : Architecture and Design // Operation
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Phases : Architecture and Design // Operation
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
Phases : Architecture and Design
Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

Notas de Mapeamento de Vulnerabilidade

Justificativa : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comentário : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Padrões de Ataque Relacionados

CAPEC-ID Nome do Padrão de Ataque
CAPEC-17 Using Malicious Files
An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
CAPEC-30 Hijacking a Privileged Thread of Execution
An adversary hijacks a privileged thread of execution by injecting malicious code into a running process. By using a privleged thread to do their bidding, adversaries can evade process-based detection that would stop an attack that creates a new process. This can lead to an adversary gaining access to the process's memory and can also enable elevated privileges. The most common way to perform this attack is by suspending an existing thread and manipulating its memory.
CAPEC-35 Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.

Notas

This concept needs more study.

Referências

REF-7

Writing Secure Code
Michael Howard, David LeBlanc.
https://www.microsoftpressstore.com/store/writing-secure-code-9780735617223

REF-76

Least Privilege
Sean Barnum, Michael Gegick.
https://web.archive.org/web/20211209014121/https://www.cisa.gov/uscert/bsi/articles/knowledge/principles/least-privilege

Submissão

Nome Organização Data Data de lançamento Version
PLOVER 2006-07-19 +00:00 2006-07-19 +00:00 Draft 3

Modificações

Nome Organização Data Comentário
Eric Dalci Cigital 2008-07-01 +00:00 updated Time_of_Introduction
CWE Content Team MITRE 2008-09-08 +00:00 updated Description, Relationships, Taxonomy_Mappings
CWE Content Team MITRE 2009-12-28 +00:00 updated Potential_Mitigations
CWE Content Team MITRE 2010-02-16 +00:00 updated References
CWE Content Team MITRE 2010-06-21 +00:00 updated Potential_Mitigations
CWE Content Team MITRE 2011-06-01 +00:00 updated Common_Consequences
CWE Content Team MITRE 2012-05-11 +00:00 updated Common_Consequences, Relationships
CWE Content Team MITRE 2012-10-30 +00:00 updated Potential_Mitigations, References
CWE Content Team MITRE 2014-02-18 +00:00 updated Related_Attack_Patterns
CWE Content Team MITRE 2017-11-08 +00:00 updated Applicable_Platforms, Modes_of_Introduction, References, Relationships
CWE Content Team MITRE 2018-03-27 +00:00 updated References
CWE Content Team MITRE 2020-02-24 +00:00 updated Relationships
CWE Content Team MITRE 2022-04-28 +00:00 updated Related_Attack_Patterns
CWE Content Team MITRE 2022-10-13 +00:00 updated References
CWE Content Team MITRE 2023-01-31 +00:00 updated Description
CWE Content Team MITRE 2023-04-27 +00:00 updated References, Relationships
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2025-12-11 +00:00 updated Applicable_Platforms, Weakness_Ordinalities
As informações apresentadas no CVE Find originam-se de várias fontes de referência cuidadosamente selecionadas. Os dados CVE são fornecidos pela MITRE Corporation e pelo National Vulnerability Database (NVD). O catálogo de Vulnerabilidades Conhecidas Exploradas (KEV) é proveniente da Cybersecurity and Infrastructure Security Agency (CISA), enquanto as pontuações EPSS vêm do FIRST.org. Além disso, os dados sobre fraquezas de software (CWE) e padrões de ataque comuns (CAPEC) são mantidos pela MITRE Corporation, e as informações sobre configurações de hardware e software (CPE) são fornecidas pelo NVD.