Base · Medium

CWE-403: Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')

A process does not close sensitive file descriptors before invoking a child process, which allows the child to perform unauthorized I/O operations using those descriptors.

CWE-403 · Base Level · 8 CVEs

Description

When a process forks, the child inherits every open file descriptor, and when it then execs a new program those descriptors survive unless they were marked close-on-exec (FD_CLOEXEC). The permission check on a file happens once, at open() time, and is not repeated on each read() or write(); so a child that runs with fewer privileges than the parent (for example a setuid program that has dropped to the invoking user) can still read or write through an inherited descriptor even though it could not open the underlying file itself.
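The inheritance described above, as an added example (not code from the CWE entry): a parent opens a file that only it may read, then execs /bin/sh as a stand-in for a less privileged child and asks it to read the inherited descriptor number. The file is unlinked right after open() so the child has no path it could open on its own; the secret content and the temporary file name are constructed for the demo. Opening with O_CLOEXEC is the fix shown: the descriptor is closed at exec() and the shell's redirection fails.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample content standing in for a file only the parent may read. */
static const char SECRET[] = "db_password=hunter2\n";

/* Create a temporary file holding SECRET, open it read-only with the extra
 * flags given, and unlink it so the descriptor is the only way to reach the
 * data (a stand-in for a file the unprivileged child could not open itself). */
static int open_secret(int extra_flags)
{
    char path[] = "/tmp/cwe403-XXXXXX";   /* constructed name template */
    int tmp = mkstemp(path);
    if (tmp < 0)
        return -1;
    if (write(tmp, SECRET, sizeof SECRET - 1) != (ssize_t)(sizeof SECRET - 1)) {
        close(tmp);
        unlink(path);
        return -1;
    }
    close(tmp);
    int fd = open(path, O_RDONLY | extra_flags);
    unlink(path);
    return fd;
}

/* Fork, exec /bin/sh as the "child with fewer privileges", and let it try to
 * read descriptor number `fd`, which it may have inherited. The child's stdout
 * is collected over a pipe; the return value is the number of secret bytes the
 * child obtained (0 means the descriptor was not available to it). */
static ssize_t bytes_read_by_child(int fd)
{
    int out[2];
    if (pipe(out) < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char cmd[64];
        snprintf(cmd, sizeof cmd, "cat <&%d", fd);   /* read via inherited fd */
        int devnull = open("/dev/null", O_WRONLY);
        if (devnull >= 0)
            dup2(devnull, STDERR_FILENO);            /* hide sh's EBADF message */
        dup2(out[1], STDOUT_FILENO);
        close(out[0]);
        close(out[1]);
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);
    }
    close(out[1]);
    char buf[256];
    ssize_t total = 0, n;
    while ((n = read(out[0], buf, sizeof buf)) > 0)
        total += n;
    close(out[0]);
    waitpid(pid, NULL, 0);
    return total;
}

/* Vulnerable: opened without O_CLOEXEC, the descriptor survives exec() and
 * the child reads the whole secret through it. */
ssize_t demo_leaky(void)
{
    int fd = open_secret(0);
    if (fd < 0)
        return -1;
    ssize_t n = bytes_read_by_child(fd);
    close(fd);
    return n;
}

/* Fixed: O_CLOEXEC makes the kernel close the descriptor on exec(), so the
 * shell's "<&N" redirection fails with EBADF and nothing is read. */
ssize_t demo_cloexec(void)
{
    int fd = open_secret(O_CLOEXEC);
    if (fd < 0)
        return -1;
    ssize_t n = bytes_read_by_child(fd);
    close(fd);
    return n;
}

int main(void)
{
    printf("without O_CLOEXEC: child read %zd bytes\n", demo_leaky());
    printf("with    O_CLOEXEC: child read %zd bytes\n", demo_cloexec());
    return 0;
}
```

The demo does not actually drop privileges (that would need root); the unlinked file plays the role of the resource the child cannot reach by name, which is exactly the situation the CVEs below describe.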

Potential Impact

Confidentiality, Integrity

Read Application Data, Modify Application Data

Detection Methods

  • Automated Static Analysis (effectiveness: High) — Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then sea

Real-World CVE Examples

CVE ID          Description
CVE-2003-0740   Server leaks a privileged file descriptor, allowing the server to be hijacked.
CVE-2004-1033   File descriptor leak allows read of restricted files.
CVE-2000-0094   Access to restricted resource using modified file descriptor for stderr.
CVE-2002-0638   Open file descriptor used as alternate channel in complex race condition.
CVE-2003-0489   Program does not fully drop privileges after creating a file descriptor, which allows access to the descriptor via a separate vulnerability.
CVE-2003-0937   User bypasses restrictions by obtaining a file descriptor then calling setuid program, which does not close the descriptor.
CVE-2004-2215   Terminal manager does not properly close file descriptors, allowing attackers to access terminals of other users.
CVE-2006-5397   Module opens a file for reading twice, allowing attackers to read files.

Taxonomy Mappings

  • PLOVER — UNIX file descriptor leak
  • CERT C Secure Coding: FIO42-C — Ensure files are properly closed when they are no longer needed
  • Software Fault Patterns: SFP23 — Exposed Data

Frequently Asked Questions

What is CWE-403?

CWE-403 (Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. A process does not close sensitive file descriptors before invoking a child process, which allows the child to perform unauthorized I/O operations using those descriptors.

How can CWE-403 be exploited?

Attackers can exploit CWE-403 (Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')) to read or modify application data through a descriptor that a less privileged child process inherited from its parent. This weakness is typically introduced during the Implementation phase of software development.

How do I prevent CWE-403?

Open sensitive files with O_CLOEXEC (or set FD_CLOEXEC with fcntl() immediately after open()) so the kernel closes them when the child execs; before spawning a less privileged program, close or mark close-on-exec every descriptor above stderr that the child does not need; and when a program drops privileges, close its privileged descriptors first rather than relying on the child never touching them. Code review and SAST tools can flag open()/fork()/exec() sequences that skip these steps.
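A pre-exec audit a practitioner can drop into a parent process, added here as an example rather than taken from the CWE entry: it counts descriptors above stderr that are still inheritable and marks them FD_CLOEXEC. The bound from sysconf(_SC_OPEN_MAX) and the names count_leakable_fds and set_cloexec_from are this example's own choices.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Upper bound on descriptor numbers to scan. Assumption: sysconf(_SC_OPEN_MAX)
 * is used as the bound (capped so a huge rlimit does not mean a huge loop);
 * on Linux walking /proc/self/fd would be cheaper, but this is portable. */
static int fd_limit(void)
{
    long n = sysconf(_SC_OPEN_MAX);
    return (n < 0 || n > 65536) ? 65536 : (int)n;
}

/* Count descriptors >= min_fd that are open and NOT marked close-on-exec,
 * i.e. exactly the ones a child would inherit across exec(). */
int count_leakable_fds(int min_fd)
{
    int count = 0, limit = fd_limit();
    for (int fd = min_fd; fd < limit; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags < 0)
            continue;                  /* EBADF: nothing open at this number */
        if (!(flags & FD_CLOEXEC))
            count++;
    }
    return count;
}

/* Mark every open descriptor >= min_fd close-on-exec. Returns how many were
 * changed, or -1 if a fcntl(F_SETFD) failed. Call it in the parent right
 * before fork()/exec() of a less privileged program; on recent Linux,
 * close_range(2) with CLOSE_RANGE_CLOEXEC does the same in one syscall. */
int set_cloexec_from(int min_fd)
{
    int changed = 0, limit = fd_limit();
    for (int fd = min_fd; fd < limit; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags < 0 || (flags & FD_CLOEXEC))
            continue;
        if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0)
            return -1;
        changed++;
    }
    return changed;
}

int main(void)
{
    /* Simulate a leak: a descriptor opened without O_CLOEXEC. */
    int fd = open("/dev/null", O_RDONLY);
    printf("inheritable fds above stderr before fix: %d\n", count_leakable_fds(3));
    printf("marked close-on-exec: %d\n", set_cloexec_from(3));
    printf("inheritable fds above stderr after fix:  %d\n", count_leakable_fds(3));
    if (fd >= 0)
        close(fd);
    return 0;
}
```

Marking after the fact is defense in depth, not a replacement for O_CLOEXEC at open time: in a multithreaded program another thread can fork and exec between open() and fcntl(), and the descriptor leaks in that window. Treat a non-zero count_leakable_fds(3) right before exec() as a bug to fix at the open() site.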

What is the severity of CWE-403?

CWE-403 is classified as a Base-level weakness, and MITRE rates its likelihood of exploit as Medium. It has been observed in 8 real-world CVEs.