Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Failure to follow the principle of least privilege may allow exploits to execute with elevated privileges.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

POS02-C

high

High

likely

Likely

high

High

P9

L2

Automated Detection

Tool

Version

Checker

Description

Klocwork
Include Page
Klocwork_V
Klocwork_V
SV.BRM.HKEY_LOCAL_MACHINE
SV.USAGERULES.PERMISSIONS

Related Vulnerabilities

CVE-2009-2031 results from a violation of this recommendation. OpenSolaris, in smbfs snv_84 through snv_110, sets permissions based on mount-point options and not actual user information (obtained from the getuid() and getgid() functions). An attacker can exploit this to achieve higher permissions. Also, in a certain initialization mode, the code grants read, write, and execute permissions to users other than the owner, which can be exploited to make files world readable [xorl 2009].

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

ISO/IEC TR 24772Adherence to Least Privilege [XYN]
MITRE CWECWE-250, Execution with unnecessary privileges
CWE-272, Least privilege violation

Bibliography

...


...

Image Modified Image Modified Image Modified