CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
Description
Extended Description
RFC 793 defines the required behavior of any TCP/IP device in that an incoming connection request begins with a SYN packet, which in turn must be followed by a SYN/ACK packet from the receiving service. For this reason, like TCP Connect scanning, SYN scanning works against any TCP stack. Unlike TCP Connect scanning, it is possible to scan thousands of ports per second using this method. This type of scanning is usually referred to as 'half-open' scanning because it does not complete the three-way handshake. The scanning rate is extremely fast because no time is wasted completing the handshake or tearing down the connection. This technique allows an attacker to scan through stateful firewalls due to the common configuration that TCP SYN segments for a new connection will be allowed for almost any port. TCP SYN scanning can also immediately detect 3 of the 4 important types of port status: open, closed, and filtered.
Severity: High
Possibility: High
Type: Standard
Relationships with other CAPECs
This table shows the other attack patterns and high-level categories that are related to this attack pattern.
Prerequisites
- A resource is accessed or modified concurrently by multiple processes.
- The adversary is able to modify the resource.
- A race condition exists while accessing the resource.
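The prerequisites above describe the classic file-system form of CWE-367: a program checks a path in one system call and uses it in a second, and the window between the two is where a concurrent writer can swap the object. The following C program is an added example, not code from CAPEC or MITRE; the function names (`open_with_racy_check`, `open_regular_file_safely`, `demo_toctou_fixture`) and the scratch paths it creates under `/tmp` are assumptions of this example. It shows the two-syscall "check then use" pattern beside the hardened form, which lets the kernel refuse a symlink atomically (`O_NOFOLLOW`) and then inspects the object actually opened with `fstat` on the descriptor, so there is no separate check to race.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy pattern (CWE-367): lstat (time of check) and open (time of use) are two
 * separate syscalls; a concurrent writer can replace `path` between them.
 * Shown only as the "before" form. Hypothetical helper name. */
int open_with_racy_check(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;                       /* time of check */
    /* window: the path may be swapped for a symlink here */
    return open(path, O_RDONLY);         /* time of use */
}

/* Hardened pattern: the kernel refuses a symlink in the final component as part
 * of the open itself (O_NOFOLLOW), and fstat inspects the object we really hold
 * rather than whatever the path names now. Hypothetical helper name. */
int open_regular_file_safely(const char *path) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;                       /* ELOOP when the target is a symlink */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Self-contained fixture (constructed, not from the page): builds a scratch
 * directory holding a regular file and a symlink to it, then returns a bitmask:
 *   bit 0: the safe open accepted the regular file
 *   bit 1: the safe open rejected the symlink
 *   bit 2: the racy check rejected the symlink when nothing raced it
 * All three behaving as expected yields 7. */
int demo_toctou_fixture(void) {
    char dir[] = "/tmp/capec29-XXXXXX";  /* constructed scratch path */
    if (!mkdtemp(dir))
        return -1;
    char regular[256], lnk[256];
    snprintf(regular, sizeof regular, "%s/config.txt", dir);
    snprintf(lnk, sizeof lnk, "%s/config.lnk", dir);

    int result = 0;
    int fd = open(regular, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0 && write(fd, "key=value\n", 10) == 10 && close(fd) == 0
        && symlink(regular, lnk) == 0) {
        int a = open_regular_file_safely(regular);
        if (a >= 0) { result |= 1; close(a); }
        if (open_regular_file_safely(lnk) < 0) result |= 2;
        if (open_with_racy_check(lnk) < 0) result |= 4;
    }
    unlink(lnk); unlink(regular); rmdir(dir);
    return result;
}

int main(void) {
    int r = demo_toctou_fixture();
    printf("fixture result: %d (7 = all checks behaved as expected)\n", r);
    return r == 7 ? 0 : 1;
}
```

The point of the contrast is that the racy helper passes every single-threaded test (it rejects the symlink here too), so a test suite will not reveal the defect; only the structure of the code does. Reviewing for `stat`/`access` followed by `open` on the same path, and replacing it with open-then-`fstat` on the descriptor (or `openat` relative to a directory descriptor the program already holds), removes the window rather than narrowing it.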
Skills required
- Medium: This attack can get sophisticated, since the attack has to occur within a short interval of time.
Taxonomy mappings
Mappings to ATT&CK, OWASP and other frameworks.
Related CWE
A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-366: Race Condition within a Thread
CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-368: Context Switching Race Condition
CWE-370: Missing Check for Certificate Revocation after Initial Check
CWE-662: Improper Synchronization
CWE-663: Use of a Non-reentrant Function in a Concurrent Context
CWE-665: Improper Initialization
CWE-691: Insufficient Control Flow Management
Visit http://capec.mitre.org/ for more details.