CWE-266: Incorrect Privilege Assignment

Description

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Submission Date :

July 19, 2006, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE
Example Vulnerable Codes

Example - 1

The following example demonstrates the weakness.


// /* do some stuff */// 
seteuid(0);seteuid(getuid());

Example - 2

The following example demonstrates the weakness.

// // privileged code goes here, for example:// 
// // nothing to return// 
System.loadLibrary("awt");return null;public Object run() {}AccessController.doPrivileged(new PrivilegedAction() {

Example - 3

This application sends a special intent with a flag that allows the receiving application to read a data file for backup purposes.


Intent intent = new Intent();intent.setAction("com.example.BackupUserData");intent.setData(file_uri);intent.addFlags(FLAG_GRANT_READ_URI_PERMISSION);sendBroadcast(intent);


Uri userData = intent.getData();stealUserData(userData);@Overridepublic void onReceive(Context context, Intent intent) {}public class CallReceiver extends BroadcastReceiver {}

Any malicious application can register to receive this intent. Because of the FLAG_GRANT_READ_URI_PERMISSION included with the intent, the malicious receiver code can read the user's data.

Related Weaknesses

Visit http://cwe.mitre.org/ for more details.

© cvefeed.io
Latest DB Update: Nov. 14, 2024 4:20