Write-what-where Condition
ID: 123 | Date: (C)2012-05-14 (M)2022-10-10 |
Type: weakness | Status: DRAFT |
Abstraction Type: Base |
Description
Any condition where the attacker has the ability to write an
arbitrary value to an arbitrary location, often as the result of a buffer
overflow.
Likelihood of Exploit: High
Applicable Platforms
Language: C
Language: C++
Time Of Introduction
Common Consequences
Scope | Technical Impact | Notes |
---|---|---|
Integrity, Confidentiality, Availability, Access_Control | Modify memory; Execute unauthorized code or commands; Gain privileges / assume identity; DoS: crash / exit / restart; Bypass protection mechanism | Clearly, write-what-where conditions can be used to write data to areas of memory outside the scope of a policy. Also, they almost invariably can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy. If the attacker can overwrite a pointer's worth of memory (usually 32 or 64 bits), he can redirect a function pointer to his own malicious code. Even when the attacker can only modify a single byte, arbitrary code execution can be possible. Sometimes this is because the same problem can be exploited repeatedly to the same effect. Other times it is because the attacker can overwrite security-critical application-specific data -- such as a flag indicating whether the user is an administrator. |
Integrity, Availability | DoS: crash / exit / restart; Modify memory | Many memory accesses can lead to program termination, such as when writing to addresses that are invalid for the current process. |
Access_Control, Other | Bypass protection mechanism; Other | When the consequence is arbitrary code execution, this can often be used to subvert any other security service. |
Detection Methods None
Potential Mitigations
Phase | Strategy | Description | Effectiveness | Notes |
---|---|---|---|---|
| | Pre-design: Use a language that provides appropriate memory abstractions. | | |
Architecture and Design | | Integrate technologies that try to prevent the consequences of this problem. | | |
Implementation | | Take note of mitigations provided for other flaws in this taxonomy that lead to write-what-where conditions. | | |
| | Operational: Use OS-level preventative functionality integrated after the fact. Not a complete solution. | | |
Relationships
Related CWE | Type | View | Chain |
---|---|---|---|
CWE-123 ChildOf CWE-890 | Category | CWE-888 | |
Demonstrative Examples
- The classic example of a write-what-where condition occurs when the
accounting information for memory allocations is overwritten in a particular
fashion. Here is an example of potentially vulnerable code:
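
As an added illustration (not the CWE entry's own listing), the C sketch below shows a simpler variant than the allocator-metadata case: an unchecked copy overruns a buffer into an adjacent pointer, so a later routine write lands on a security-critical flag, next to the bounds-checked form that rejects the input. The names `struct record`, `is_admin`, `visits` and `run_demo` are hypothetical, and the input bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed record: a fixed buffer directly followed by a pointer. */
struct record {
    char name[16];
    int *counter;          /* the "where": destination of a later write */
};

static int is_admin = 0;   /* security-critical flag (constructed) */
static int visits = 0;     /* legitimate target of rec.counter */

/* Vulnerable: trusts len. Capped at sizeof *rec only to keep the demo defined. */
static void set_name_unchecked(struct record *rec, const void *src, size_t len) {
    if (len > sizeof *rec) len = sizeof *rec;
    memcpy(rec, src, len);           /* bytes past name[] replace counter */
}

/* Hardened: reject any input that does not fit in name[]. */
static int set_name_checked(struct record *rec, const void *src, size_t len) {
    if (len > sizeof rec->name) return -1;
    memcpy(rec->name, src, len);
    return 0;
}

/* Feeds an oversized input whose tail holds &is_admin to the chosen setter,
 * then performs the program's normal write. Returns the resulting is_admin. */
int run_demo(int hardened) {
    struct record rec = { "", &visits };
    unsigned char input[sizeof rec];
    int *where = &is_admin;

    is_admin = 0; visits = 0;
    memset(input, 'A', sizeof input);
    memcpy(input + offsetof(struct record, counter), &where, sizeof where);
    if (hardened) {
        if (set_name_checked(&rec, input, sizeof input) != 0) return is_admin;
    } else {
        set_name_unchecked(&rec, input, sizeof input);
    }
    *rec.counter = 1;      /* the "what": intended as visits = 1 */
    return is_admin;
}

int main(void) {
    int unchecked = run_demo(0), checked = run_demo(1);
    printf("unchecked: is_admin=%d, checked: is_admin=%d\n", unchecked, checked);
}
```

In the unchecked run the program's own `visits` counter is never touched; the write is silently redirected, which is why the length check has to happen before the copy rather than being inferred from later state.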
White Box Definitions None
Black Box Definitions None
Taxonomy Mappings
Taxonomy | Id | Name | Fit |
---|---|---|---|
CLASP | | Write-what-where condition | |
References:
- Michael Howard, David LeBlanc, John Viega. 24 Deadly Sins of Software Security. McGraw-Hill. Section: "Sin 5: Buffer Overruns." Page 89. Published in 2010.