Example Sins

The following entries in Common Vulnerabilities and Exposures (CVE), at http://cve.mitre.org, are examples of this sin.

CVE-2000-0100

From the CVE description: The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program.

The executable run by the Short Message Service (SMS) Remote Control feature was written into a directory writable by any local user. If the remote control feature was enabled, any user on the system could run code of their choice under the LocalSystem context. (See www.microsoft.com/technet/security/Bulletin/MS00-012.mspx.)

CAN-2002-1590

From the CVE description:

Web Based Enterprise Management (WBEM) for Solaris 8 with update 1/01 or later installs the SUNWwbdoc, SUNWwbcou, SUNWwbdev, and SUNWmgapp packages with group or world writable permissions, which may allow local users to cause a denial of service or gain privileges.

More information on this problem can be found at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1590 and www.securityfocus.com/bid/6061/.
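CVE-2000-0100 and CAN-2002-1590 share one root cause: a privileged program, or a directory on the path to it, that non-owners can write to. The audit below is an added example, not code from the book or from either vendor; it assumes POSIX permission bits (the Solaris case), and the `/opt/agent/remote_control` layout it builds is constructed for the demonstration.

```python
import os
import stat
import tempfile

LOOSE = stat.S_IWGRP | stat.S_IWOTH  # group- or world-writable bits

def audit_install_path(program, stop="/"):
    """Return (path, octal mode, reason) for the program file and every
    ancestor directory up to `stop` that non-owners can write to."""
    findings = []
    current = os.path.realpath(program)  # audit the real target, not a symlink
    stop = os.path.realpath(stop)
    while True:
        st = os.stat(current)
        mode = stat.S_IMODE(st.st_mode)
        if mode & LOOSE:
            if not stat.S_ISDIR(st.st_mode):
                reason = "file can be modified in place"
            elif mode & stat.S_ISVTX:
                reason = "sticky directory: others can add files but not replace existing ones"
            else:
                reason = "directory entries can be replaced"
            findings.append((current, oct(mode), reason))
        parent = os.path.dirname(current)
        if current == stop or parent == current:
            break
        current = parent
    return findings

def demo():
    """Build a constructed install tree, audit it weak and then corrected."""
    base = os.path.realpath(tempfile.mkdtemp())      # created with mode 0700
    bindir = os.path.join(base, "opt", "agent")      # hypothetical layout
    os.makedirs(bindir)
    program = os.path.join(bindir, "remote_control")
    with open(program, "w") as handle:
        handle.write("#!/bin/sh\n")
    os.chmod(program, 0o755)
    os.chmod(os.path.join(base, "opt"), 0o755)
    os.chmod(bindir, 0o777)                          # the insecure install
    weak = audit_install_path(program, stop=base)
    os.chmod(bindir, 0o755)                          # corrected permissions
    fixed = audit_install_path(program, stop=base)
    return weak, fixed

if __name__ == "__main__":
    for label, result in zip(("weak", "fixed"), demo()):
        print(label, result)
```

The file's own mode is 0755 in the weak case, yet the program is still replaceable because its parent directory is world-writable, which is why the walk covers every ancestor rather than the binary alone.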

CVE-1999-0886

From the CVE description: The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager.

More information on this problem can be found at www.microsoft.com/technet/security/Bulletin/MS99-041.mspx. The RAS manager service had an ACL that was intended to allow any user to start and stop the service, but it allowed any user to also change the configuration, including the path to the service binary, which ran as the local system account.

CAN-2004-0311

American Power Conversion's Web/SNMP Management SmartSlot Card AP9606 AOS versions 3.2.1 and 3.0.3 ship with a default, hardcoded password. A local or remote attacker with the ability to establish a Telnet connection to the device could supply an arbitrary username and the default password TENmanUFactOryPOWER to gain unauthorized access to the device.

CAN-2004-0391

According to the Cisco Security Advisory at www.cisco.com/warp/public/707/cisco-sa-20040407-username.shtml:

A default username/password pair is present in all releases of the Wireless LAN Solution Engine (WLSE) and Hosting Solution Engine (HSE) software. A user who logs in using this username has complete control of the device. This username cannot be disabled. There is no workaround.



19 Deadly Sins of Software Security. Programming Flaws and How to Fix Them