Race Conditions

CAN-2003-1073

A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes place.

CVE-2008-2958

CheckInstall could allow a local attacker to launch a symlink attack caused by an error in the CheckInstall and InstallWatch scripts. Certain directories are created with insecure permissions

CWE-368

Context Switching Race Condition

Race Conditions Summary

Do write code that doesn't depend on side effects. Do be very careful when writing signal handlers. Do NOT modify global resources without locking. Consider writing temporary files into a per-user store instead of a world-writable space.

Race Condition Explained

If a function is non-reentrant, and two threads are in the function at once, then things are going to break. Checking if a file exists can allow the attacker to create a file in between checking and opening the file, allowing the attacker to open a malicious file.

Race Condition Redemption Steps

Understand how to correctly write reentrant code even if the application won't be running in a threaded environment. Lock shared resources. If you're executing a signal handler or exception handler, the only really safe thing to do may be to exit().

Spotting the Race Condition Sin During Code Review

Look at the code and at the library functions that you call. Nonreentrant code will manipulate variables declared outside of local scope. If you are able to change the information in a noncontrolled manner. Look for processes external to your own interfacing with your process. Look for file and directory creation in publicly writable areas and the use of predictable filenames. Look for any case where files are created in a shared directory. Never depend on routines to create a "new" filename.

Spotting the Race Condition Sin Pattern

More than one thread or process must write to the same resource. Creating files or directories in common areas. Signal handlers. Nonreentrant functions in a multithreaded application or a signal handler. Note that signals are close to useless on a Windows system and aren't susceptible to this problem.

CWE-362

Race Condition (parent)

CWE-421

Race Condition During Access to Alternate Channel

CWE-366

Race Condition Within a Thread

CWE-370

Race Condition in Checking for Certificate Revocation

CWE-365

Race Condition in Switch

CVE-2000-0849

Race condition in Microsoft Windows Media Server allows remote attackers to cause a DoS in the Windows Media Unicast Service via a malformed request, aka the "Unicast Service Race Condition" vulnerability

CVE-2008-0379

Race condition in the Enterprise Tree ActiveX control in Crystal Reports IX Release 2 allows remote attackers to cause a DoS and possibly execute arbitrary code via the SelectedSession method

Testing Techniques to Find the Sin

Run the tests on a fast multiprocessor system. If you start seeing crashes you can't reproduce on a single-processor system, then you have almost certainly found a race condition. To find signal-handling problems, create an application to send signals closely together to the suspect application, and see if crashes can be made to occur. To find temp file races, enable logging on your file system and look for predictable names being created in public directories.

CVE-2001-1349

Sendmail before 8.11.4, 8.12.0, and 8.12.0Beta10 allows local users to cause a DoS and possibly corrupt the heap and gain privileges via race conditions in signal handlers

CWE-364

Signal Handler Race Condition

CWE-367

Time-of-Check Time-of-Use (TOCTOU) Race Condition

