CWE-515: Covert Storage Channel

Base Incomplete Simple

CWE Version: 4.18

Last Updated: 2025-09-09

Weakness Description

A covert storage channel transfers information through the setting of bits by one program and the reading of those bits by another. What distinguishes this case from that of ordinary operation is that the bits are used to convey encoded information.

Extended Description

Covert storage channels occur when out-of-band data is stored in messages for the purpose of memory reuse. Covert channels are frequently classified as either storage or timing channels. Examples would include using a file intended to hold only audit information to convey user passwords--using the name of a file or perhaps status bits associated with it that can be read by all users to signal the contents of the file. Steganography, concealing information in such a manner that no one but the intended recipient knows of the existence of the message, is a good example of a covert storage channel.

Common Consequences

Scope: Confidentiality

Technical Impact: Read Application Data

Note: Covert storage channels may provide attackers with important information about the system in question.

Scope: Integrity, Confidentiality

Technical Impact: Read Application Data

Note: If these messages or packets are sent with unnecessary data contained within, it may tip off malicious listeners as to the process that created the message. With this information, attackers may learn any number of things, including the hardware platform, operating system, or algorithms used by the sender. This information can be of significant value to the user in launching further attacks.

Potential Mitigations

Phase: Implementation

Description: Ensure that all reserved fields are set to zero before messages are sent and that no unnecessary information is included.
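
The mitigation above, sketched in C as an added example (not part of the CWE entry): the sender builds the header into a zeroed buffer and masks undefined flag bits, and a separate check and normalizer let an egress or receiving point detect and clear non-zero reserved bits. The 8-byte header layout and the names msg_encode, msg_reserved_clean and msg_normalize are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical 8-byte header: type(1) flags(1) length(2, big-endian) reserved(4). */
#define MSG_HDR_LEN       8u
#define MSG_FLAGS_DEFINED 0x07u   /* only the low 3 flag bits carry meaning */

/* Sender side: build the header field by field into a zeroed buffer, so stale
 * memory and undefined flag bits never reach the wire. */
size_t msg_encode(uint8_t out[MSG_HDR_LEN], uint8_t type, uint8_t flags, uint16_t length)
{
    memset(out, 0, MSG_HDR_LEN);                    /* reserved bytes 4..7 = 0 */
    out[0] = type;
    out[1] = (uint8_t)(flags & MSG_FLAGS_DEFINED);  /* drop reserved flag bits */
    out[2] = (uint8_t)(length >> 8);
    out[3] = (uint8_t)(length & 0xFFu);
    return MSG_HDR_LEN;
}

/* Egress or receiver check: 1 if every reserved bit is zero, 0 otherwise
 * (short input also yields 0). A 0 result is worth logging. */
int msg_reserved_clean(const uint8_t *buf, size_t n)
{
    if (buf == NULL || n < MSG_HDR_LEN)
        return 0;
    if (buf[1] & (uint8_t)~MSG_FLAGS_DEFINED)
        return 0;
    for (size_t i = 4; i < MSG_HDR_LEN; i++)
        if (buf[i] != 0)
            return 0;
    return 1;
}

/* Normalizer for a forwarding point: clear reserved bits in place and
 * return how many header bytes had to be changed. */
size_t msg_normalize(uint8_t *buf, size_t n)
{
    size_t changed = 0;
    if (buf == NULL || n < MSG_HDR_LEN)
        return 0;
    if (buf[1] & (uint8_t)~MSG_FLAGS_DEFINED) {
        buf[1] &= MSG_FLAGS_DEFINED;
        changed++;
    }
    for (size_t i = 4; i < MSG_HDR_LEN; i++)
        if (buf[i] != 0) { buf[i] = 0; changed++; }
    return changed;
}
```
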

Modes of Introduction

Phase | Note
Implementation | -

Taxonomy Mappings

Taxonomy Name | Entry ID | Entry Name | Mapping Fit
Landwehr | - | Storage | -
CLASP | - | Covert storage channel | -

Key Information

CWE ID: CWE-515

Abstraction: Base

Structure: Simple

Status: Incomplete

Likelihood of Exploit: High

Related Weaknesses