Description
During installation, installed file permissions are set to allow anyone to modify those files.
Potential Impact
Confidentiality, Integrity
Read Application Data, Modify Application Data
Mitigations & Prevention
The architecture needs to restrict access and modification attributes for files to only those users who actually require those actions.
Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privileg
Detection Methods
- Automated Static Analysis - Binary or Bytecode (effectiveness: SOAR Partial) — According to SOAR [REF-1479], the following detection techniques may be useful:
- Manual Static Analysis - Binary or Bytecode (effectiveness: SOAR Partial) — According to SOAR [REF-1479], the following detection techniques may be useful:
- Dynamic Analysis with Automated Results Interpretation (effectiveness: SOAR Partial) — According to SOAR [REF-1479], the following detection techniques may be useful:
- Dynamic Analysis with Manual Results Interpretation (effectiveness: High) — According to SOAR [REF-1479], the following detection techniques may be useful:
- Manual Static Analysis - Source Code (effectiveness: High) — According to SOAR [REF-1479], the following detection techniques may be useful:
- Automated Static Analysis - Source Code (effectiveness: SOAR Partial) — According to SOAR [REF-1479], the following detection techniques may be useful:
Real-World CVE Examples
| CVE ID | Description |
|---|---|
| CVE-2005-1941 | Executables installed world-writable. |
| CVE-2002-1713 | Home directories installed world-readable. |
| CVE-2001-1550 | World-writable log files allow information loss; world-readable file has cleartext passwords. |
| CVE-2002-1711 | World-readable directory. |
| CVE-2002-1844 | Windows product uses insecure permissions when installing on Solaris (genesis: port error). |
| CVE-2001-0497 | Insecure permissions for a shared secret key file. Overlaps cryptographic problem. |
| CVE-1999-0426 | Default permissions of a device allow IP spoofing. |
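The two most common patterns in the table, world-writable installed files and world-readable secret files, can be checked after an install and avoided at file-creation time. The following is an added example, not part of the CWE entry: the function names, the `SECRET_HINTS` naming heuristic and the sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile

SECRET_HINTS = (".key", ".pem", "passwd", "secret")  # assumed naming heuristic

def audit_install_tree(root):
    """Return sorted (relative_path, finding) pairs for risky mode bits."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow symlinks out of the tree
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits carry no meaning
            rel = os.path.relpath(path, root)
            mode = stat.S_IMODE(st.st_mode)
            sticky_dir = stat.S_ISDIR(st.st_mode) and mode & stat.S_ISVTX
            # A sticky world-writable directory is a deliberate shared area;
            # any other world-writable entry can be altered by every local user.
            if mode & stat.S_IWOTH and not sticky_dir:
                findings.append((rel, "world-writable"))
            secretish = any(h in name.lower() for h in SECRET_HINTS)
            if stat.S_ISREG(st.st_mode) and mode & stat.S_IROTH and secretish:
                findings.append((rel, "world-readable secret"))
    return sorted(findings)

def install_file(path, data, mode=0o640):
    """Create a file with an explicit mode rather than inheriting the umask."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    try:
        os.fchmod(fd, mode)  # the umask may have cleared bits; set the exact mode
        os.write(fd, data)
    finally:
        os.close(fd)

def demo():
    """Build a constructed install tree; return (findings, mode of etc/tls.key)."""
    with tempfile.TemporaryDirectory() as root:
        for d in ("bin", "etc", "spool"):
            os.mkdir(os.path.join(root, d), 0o755)
        for rel, mode in (("bin/tool", 0o777), ("etc/shared.key", 0o644),
                          ("etc/app.conf", 0o644), ("etc/tls.key", 0o600)):
            install_file(os.path.join(root, rel), b"constructed", mode)
        os.chmod(os.path.join(root, "spool"), 0o1777)  # sticky shared dir: allowed
        key = os.path.join(root, "etc/tls.key")
        return audit_install_tree(root), stat.S_IMODE(os.stat(key).st_mode)

if __name__ == "__main__":
    print(demo())
```

The audit reads mode bits only, so it does not account for ACLs or for permissive parent directories outside the tree it is given.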
Taxonomy Mappings
- PLOVER — Insecure Default Permissions
- CERT C Secure Coding: FIO06-C — Create files with appropriate access permissions
- The CERT Oracle Secure Coding Standard for Java (2011): FIO01-J — Create files with appropriate access permission
- ISA/IEC 62443: Part 2-4 — Req SP.03.08
- ISA/IEC 62443: Part 4-2 — Req CR 2.1
Frequently Asked Questions
What is CWE-276?
CWE-276 (Incorrect Default Permissions) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. During installation, installed file permissions are set to allow anyone to modify those files.
How can CWE-276 be exploited?
Attackers can exploit CWE-276 (Incorrect Default Permissions) to read application data and modify application data. This weakness is typically introduced during the Architecture and Design, Implementation, Installation, and Operation phases of software development.
How do I prevent CWE-276?
Key mitigations include: The architecture needs to restrict access and modification attributes for files to only those users who actually require those actions.
What is the severity of CWE-276?
CWE-276 is classified as a Base-level weakness (Medium abstraction). It has been observed in 7 real-world CVEs.