CWE-273: Improper Check for Dropped Privileges
CWE Version: 4.18
Last Updated: 2025-09-09
Weakness Description
The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.
Extended Description
If the drop fails, the product will continue to run with the raised privileges, which might provide additional access to unprivileged users.
Common Consequences
Scope: Access Control
Technical Impact: Gain Privileges or Assume Identity
Note: If privileges are not dropped, neither are access rights of the user. Often these rights can be prevented from being dropped.
Scope: Access Control, Non-Repudiation
Technical Impact: Gain Privileges or Assume Identity, Hide Activities
Note: If privileges are not dropped, in some cases the system may record actions as the user who is being impersonated rather than the impersonator.
Potential Mitigations
Phase: Architecture and Design
Strategy: Separation of Privilege
Phase: Implementation
Description: Check the results of all functions that return a value and verify that the value is expected.
Effectiveness: High
Phase: Implementation
Description: In Windows, make sure that the process token has the SeImpersonatePrivilege (Microsoft Server 2003). Code that relies on impersonation for security must ensure that the impersonation succeeded, i.e., that a proper privilege demotion happened.
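The "check the results" mitigation applied to a POSIX privilege drop, as an added example that is not part of the CWE entry. The function names `drop_privileges` and `privileges_dropped` are hypothetical, and the `geteuid() == 0` guard around `setgroups()` is a simplifying assumption that ignores finer-grained capabilities.

```c
#define _DEFAULT_SOURCE   /* exposes setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 only if the process runs as uid/gid and cannot get root back. */
int privileges_dropped(uid_t uid, gid_t gid)
{
    if (getuid() != uid || geteuid() != uid) return 0;
    if (getgid() != gid || getegid() != gid) return 0;
    /* If a real or saved user ID of 0 survived, this call would succeed. */
    if (uid != 0 && setuid(0) == 0) return 0;
    return 1;
}

/* Drop to uid/gid permanently. Returns 0 on success, -1 on any failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Order matters: groups first, while the process may still change them. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0) { perror("setgroups"); return -1; }
    if (setgid(gid) != 0) { perror("setgid"); return -1; }
    if (setuid(uid) != 0) { perror("setuid"); return -1; }
    /* A zero return is not enough: confirm the resulting identity. */
    return privileges_dropped(uid, gid) ? 0 : -1;
}

int main(void)
{
    /* Constructed usage: a real daemon would pass its service account's IDs. */
    if (drop_privileges(getuid(), getgid()) != 0) {
        fputs("privilege drop failed, refusing to continue\n", stderr);
        return EXIT_FAILURE;   /* fail closed instead of running elevated */
    }
    puts("running unprivileged");
    return EXIT_SUCCESS;
}
```

The caller treats any nonzero return as fatal, so a failed drop can never lead to continued execution with the raised privileges.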
Detection Methods
Method: Automated Static Analysis
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.).
Effectiveness: High
Observed Examples
Reference: CVE-2006-4447
Program does not check return value when invoking functions to drop privileges, which could leave users with higher privileges than expected by forcing those functions to fail.
Reference: CVE-2006-2916
Program does not check return value when invoking functions to drop privileges, which could leave users with higher privileges than expected by forcing those functions to fail.
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation | - |
Applicable Platforms
Programming Languages
Taxonomy Mappings
| Taxonomy Name | Node ID | Entry Name | Mapping Fit |
|---|---|---|---|
| CLASP | - | Failure to check whether privileges were dropped successfully | - |
| CERT C Secure Coding | POS37-C | Ensure that privilege relinquishment is successful | Exact |
| Software Fault Patterns | SFP4 | Unchecked Status Condition | - |