CWE-271: Privilege Dropping / Lowering Errors
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product does not drop privileges before passing control of a resource to an actor that does not have those privileges.
扩展描述
In some contexts, a system executing with elevated permissions will hand off a process/file/etc. to another process or user. If the privileges of an entity are not reduced, then elevated privileges are spread throughout a system and possibly to an attacker.
常见后果
影响范围: Access Control
技术影响: Gain Privileges or Assume Identity
说明: If privileges are not dropped, neither are access rights of the user. Often these rights can be prevented from being dropped.
影响范围: Access Control Non-Repudiation
技术影响: Gain Privileges or Assume Identity Hide Activities
说明: If privileges are not dropped, in some cases the system may record actions as the user which is being impersonated rather than the impersonator.
潜在缓解措施
阶段: Architecture and Design
策略: Separation of Privilege
阶段: Architecture and Design Operation
描述: Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
阶段: Architecture and Design
策略: Separation of Privilege
描述: Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
观察示例
参考: CVE-2000-1213
Program does not drop privileges after acquiring the raw socket.
参考: CVE-2001-0559
Setuid program does not drop privileges after a parsing error occurs, then calls another program to handle the error.
参考: CVE-2001-0787
Does not drop privileges in related groups when lowering privileges.
参考: CVE-2002-0080
Does not drop privileges in related groups when lowering privileges.
参考: CVE-2001-1029
Does not drop privileges before determining access to certain files.
参考: CVE-1999-0813
Finger daemon does not drop privileges when executing programs on behalf of the user being fingered.
参考: CVE-1999-1326
FTP server does not drop privileges if a connection is aborted during file transfer.
参考: CVE-2000-0172
Program only uses seteuid to drop privileges.
参考: CVE-2004-2504
Windows program running as SYSTEM does not drop privileges before executing other programs (many others like this, especially involving the Help facility).
参考: CVE-2004-0213
Utility Manager launches winhlp32.exe while running with raised privileges, which allows local users to gain system privileges.
参考: CVE-2004-0806
Setuid program does not drop privileges before executing program specified in an environment variable.
参考: CVE-2004-0828
Setuid program does not drop privileges before processing file specified on command line.
参考: CVE-2004-2070
Service on Windows does not drop privileges before using "view file" option, allowing code execution.
引入模式
| 阶段 | 说明 |
|---|---|
| Architecture and Design | - |
| Implementation | REALIZATION: This weakness is caused during implementation of an architectural security tactic. |
| Operation | - |
适用平台
编程语言
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| PLOVER | - | Privilege Dropping / Lowering Errors | - |