CWE-782: Exposed IOCTL with Insufficient Access Control
CWE Version: 4.18
Updated: 2025-09-09
Weakness Description
The product implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.
Common Consequences
Scope: Integrity, Availability, Confidentiality
Technical Impact: Varies by Context
Note: Attackers can invoke any functionality that the IOCTL offers. Depending on the functionality, the consequences may include code execution, denial-of-service, and theft of data.
Potential Mitigations
Phase: Architecture and Design
Description: In Windows environments, use proper access control for the associated device or device namespace. See References.
Observed Examples
Reference: CVE-2009-2208
Operating system does not enforce permissions on an IOCTL that can be used to modify network settings.
Reference: CVE-2008-3831
Device driver does not restrict ioctl calls to its direct rendering manager.
Reference: CVE-2008-3525
ioctl does not check for a required capability before processing certain requests.
Reference: CVE-2008-0322
Chain: insecure device permissions allow access to an IOCTL, allowing arbitrary memory to be overwritten.
Reference: CVE-2007-4277
Chain: anti-virus product uses weak permissions for a device, leading to resultant buffer overflow in an exposed IOCTL.
Reference: CVE-2007-1400
Chain: sandbox allows opening of a TTY device, enabling shell commands through an exposed ioctl.
Reference: CVE-2006-4926
Anti-virus product uses insecure security descriptor for a device driver, allowing access to a privileged IOCTL.
Reference: CVE-1999-0728
Unauthorized user can disable keyboard or mouse by directly invoking a privileged IOCTL.
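The pattern behind several of the entries above (a handler that processes a privileged request without checking the caller) is modelled below in user space, with the weak dispatcher beside a hardened one. This is an added illustration, not code from any of the listed products; the command codes, structs and function names are hypothetical, and `is_admin` stands in for whatever capability or ACL check the real platform provides.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed command codes for a hypothetical device, not a real driver. */
enum { CMD_GET_STATUS = 1, CMD_SET_CONFIG = 2, CMD_RESET = 3 };
struct caller { bool is_admin; };   /* stands in for a kernel capability check */
struct device { int config; int resets; };

/* Policy: 0 = anyone, 1 = privileged, -1 = unknown command (denied). */
static int required_privilege(unsigned cmd) {
    switch (cmd) {
    case CMD_GET_STATUS: return 0;
    case CMD_SET_CONFIG: case CMD_RESET: return 1;
    default: return -1;
    }
}

static int do_cmd(struct device *d, unsigned cmd, int arg) {
    switch (cmd) {
    case CMD_GET_STATUS: return d->config;
    case CMD_SET_CONFIG: d->config = arg; return 0;
    case CMD_RESET: d->config = 0; d->resets++; return 0;
    default: return -ENOTTY;
    }
}

/* Weak form: whoever can open the device reaches every command. */
int ioctl_weak(struct device *d, const struct caller *c, unsigned cmd, int arg) {
    (void)c;   /* caller identity is never consulted */
    return do_cmd(d, cmd, arg);
}

/* Hardened form: authorize the request before dispatching it. */
int ioctl_checked(struct device *d, const struct caller *c, unsigned cmd, int arg) {
    int need = required_privilege(cmd);
    if (need < 0) return -ENOTTY;
    if (need && !c->is_admin) return -EPERM;
    return do_cmd(d, cmd, arg);
}

int main(void) {
    struct device d = { 5, 0 };
    struct caller user = { false };
    int weak = ioctl_weak(&d, &user, CMD_SET_CONFIG, 99);
    int checked = ioctl_checked(&d, &user, CMD_SET_CONFIG, 1);
    printf("weak=%d checked=%d config=%d\n", weak, checked, d.config);
    return 0;
}
```

The per-command check complements, and does not replace, access control on the device object itself, which is the mitigation this entry names.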
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | - |
| Implementation | REALIZATION: This weakness is caused during implementation of an architectural security tactic. |