...
In this noncompliant code example, sensitive information is supposedly stored in the dynamically allocated buffer, secret, which is processed and eventually cleared by a call to memset_s(). The memory page containing secret can be swapped out to disk. If the program crashes before the call to memset_s() completes, the information stored in secret may be stored in the core dump.
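The hardened counterpart, as an added example that is not code from the CERT page: it sets the core-file limit to zero with setrlimit() and pins the buffer in RAM with mlock(), the two POSIX interfaces listed in the bibliography. The helper names disable_core_dumps, secure_clear, secret_alloc and secret_free are hypothetical, and secure_clear is a volatile-store stand-in for memset_s().

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

/* Set the soft and hard core-file limits to zero so a crash leaves no dump. */
int disable_core_dumps(void) {
    struct rlimit limit = { 0, 0 };
    return setrlimit(RLIMIT_CORE, &limit);
}

/* Zero memory through a volatile pointer so the stores are not optimized away. */
void secure_clear(void *p, size_t n) {
    volatile unsigned char *vp = p;
    while (n--) *vp++ = 0;
}

/* Allocate whole pages and pin them in RAM; fail closed if locking fails. */
void *secret_alloc(size_t size, size_t *locked_len) {
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || size == 0 || size > (size_t)-1 - (size_t)page) return NULL;
    size_t len = (size + (size_t)page - 1) / (size_t)page * (size_t)page;
    void *p = NULL;
    if (posix_memalign(&p, (size_t)page, len) != 0) return NULL;
    /* mlock() fails when the request exceeds RLIMIT_MEMLOCK, among other cases. */
    if (mlock(p, len) != 0) { free(p); return NULL; }
    *locked_len = len;
    return p;
}

/* Clear while the pages are still locked, then unlock, then free. */
void secret_free(void *p, size_t locked_len) {
    if (p == NULL) return;
    secure_clear(p, locked_len);
    munlock(p, locked_len);
    free(p);
}

int main(void) {
    size_t len = 0;
    if (disable_core_dumps() != 0) return 1;   /* do this before loading secrets */
    char *secret = secret_alloc(64, &len);
    if (secret == NULL) return 1;              /* never fall back to unlocked memory */
    strcpy(secret, "constructed-sample-secret"); /* constructed sample value */
    secret_free(secret, len);
    return 0;
}
```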
...
Writing sensitive data to disk preserves it for future retrieval by an attacker, who may even be able to bypass the access restrictions of the operating system by using a disk maintenance program.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MEM06-C | Medium | Unlikely | High | P2 | L3 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
Polyspace Bug Finder | | | Checks for sensitive data printed out (rec. partially covered) |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
SEI CERT C++ Coding Standard | VOID MEM06-CPP. Ensure that sensitive data is not written out to disk |
ISO/IEC TR 24772:2013 | Memory Locking [XZX] |
MITRE CWE | CWE-591, Sensitive data storage in improperly locked memory; CWE-528, Information leak through core dump files |
Bibliography
[IEEE Std 1003.1:2013] | XSH, System Interface, mlock; XSH, System Interface, setrlimit |
[Wheeler 2003] | Section 7.14; Section 11.4 |
...
...