CWE-403
Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')
Draft
2006-07-19
00h00 +00:00
00h00 +00:00
2025-04-03
00h00 +00:00
00h00 +00:00
Notifications pour un CWE
Restez informé de toutes modifications pour un CWE spécifique.
Nom: Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')
A process does not close sensitive file descriptors before invoking a child process, which allows the child to perform unauthorized I/O operations using those descriptors.
Description du CWE
When a new process is forked or executed, the child process inherits any open file descriptors. When the child process has fewer privileges than the parent process, this might introduce a vulnerability if the child process can access the file descriptor but does not have the privileges to access the associated file.
Informations générales
Modes d'introduction
Implementation : REALIZATION: This weakness is caused during implementation of an architectural security tactic.Plateformes applicables
Langue
Name: C (Undetermined)Class: Not Language-Specific (Undetermined)
Systèmes d’exploitation
Class: Unix (Undetermined)Conséquences courantes
| Portée | Impact | Probabilité |
|---|---|---|
| Confidentiality Integrity | Read Application Data, Modify Application Data |
Exemples observés
| Références | Description |
|---|---|
CVE-2003-0740 | Server leaks a privileged file descriptor, allowing the server to be hijacked. |
CVE-2004-1033 | File descriptor leak allows read of restricted files. |
CVE-2000-0094 | Access to restricted resource using modified file descriptor for stderr. |
CVE-2002-0638 | Open file descriptor used as alternate channel in complex race condition. |
CVE-2003-0489 | Program does not fully drop privileges after creating a file descriptor, which allows access to the descriptor via a separate vulnerability. |
CVE-2003-0937 | User bypasses restrictions by obtaining a file descriptor then calling setuid program, which does not close the descriptor. |
CVE-2004-2215 | Terminal manager does not properly close file descriptors, allowing attackers to access terminals of other users. |
CVE-2006-5397 | Module opens a file for reading twice, allowing attackers to read files. |
Notes de cartographie des vulnérabilités
Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Commentaire : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Références
REF-392
File descriptors and setuid applicationsPaul Roberts.
https://blogs.oracle.com/paulr/entry/file_descriptors_and_setuid_applications
REF-393
Introduction to Secure Coding GuideApple.
https://developer.apple.com/library/archive/documentation/Security/Conceptual/SecureCodingGuide/Articles/AccessControl.html
Soumission
| Nom | Organisation | Date | Date de publication | Version |
|---|---|---|---|---|
| PLOVER | Draft 3 |
Modifications
| Nom | Organisation | Date | Commentaire |
|---|---|---|---|
| Eric Dalci | Cigital | updated Time_of_Introduction | |
| CWE Content Team | MITRE | updated Applicable_Platforms, Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Affected_Resources, Observed_Examples, Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Name | |
| CWE Content Team | MITRE | updated Common_Consequences | |
| CWE Content Team | MITRE | updated Common_Consequences | |
| CWE Content Team | MITRE | updated Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Alternate_Terms, Description, Name, Observed_Examples, References | |
| CWE Content Team | MITRE | updated Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Affected_Resources, Applicable_Platforms, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated References, Relationships, Time_of_Introduction | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Applicable_Platforms |
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC)
sont maintenues par MITRE Corporation, et les informations sur les configurations
logicielles et matérielles (CPE) proviennent du NVD.