CWE-271

特権の剥奪／剥奪エラー

Privilege Dropping / Lowering Errors

脆弱性作成中

日本語説明

本製品は、リソースの制御をその特権を持たないアクターに渡す前に特権を落とすことはありません。

あるコンテキストでは、昇格した権限で実行されているシステムが、プロセス/ファイル/その他を別のプロセスやユーザーに引き渡すことがある。あるエンティティの特権が削減されない場合、昇格した特権がシステム全体に広がり、攻撃者に渡る可能性がある。

原文 (English)

The product does not drop privileges before passing control of a resource to an actor that does not have those privileges.

In some contexts, a system executing with elevated permissions will hand off a process/file/etc. to another process or user. If the privileges of an entity are not reduced, then elevated privileges are spread throughout a system and possibly to an attacker.

関連する脆弱性

想定される影響

Scope: Access Control / Impact: Gain Privileges or Assume Identity

Scope: Access Control, Non-Repudiation / Impact: Gain Privileges or Assume Identity; Hide Activities

対策・緩和策

Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.

Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

外部リンク

MITRE公式ページ — CWE-271