Description
The product properly checks for the existence of a lock, but the lock can be externally controlled or influenced by an actor that is outside of the intended sphere of control.
This prevents the product from acting on associated resources or performing other behaviors that are controlled by the presence of the lock. Relevant locks might include an exclusive lock or mutex, or modifying a shared resource that is treated as a lock. If the lock can be held for an indefinite period of time, then the denial of service could be permanent.
Potential Impact
Availability
DoS: Resource Consumption (Other)
Demonstrative Examples
function writeToLog($message){$logfile = fopen("logFile.log", "a");
//attempt to get logfile lock
if (flock($logfile, LOCK_EX)) {fwrite($logfile,$message);
// unlock logfile
flock($logfile, LOCK_UN);}else {print "Could not obtain lock on logFile.log, message not recorded\n";}}fclose($logFile);Mitigations & Prevention
Use any access control that is offered by the functionality that is offering the lock.
Use unpredictable names or identifiers for the locks. This might not always be possible or feasible.
Consider modifying your code to use non-blocking synchronization methods.
Detection Methods
- White Box — Automated code analysis techniques might not be able to reliably detect this weakness, since the application's behavior and general security model dictate which resource locks are critical. Interpretation of the weakness might require knowledge of the environment, e.g. if the existence of a file is
Real-World CVE Examples
| CVE ID | Description |
|---|---|
| CVE-2001-0682 | Program can not execute when attacker obtains a mutex. |
| CVE-2002-1914 | Program can not execute when attacker obtains a lock on a critical output file. |
| CVE-2002-1915 | Program can not execute when attacker obtains a lock on a critical output file. |
| CVE-2002-0051 | Critical file can be opened with exclusive read access by user, preventing application of security policy. Possibly related to improper permissions, large-window race condition. |
| CVE-2000-0338 | Chain: predictable file names used for locking, allowing attacker to create the lock beforehand. Resultant from permissions and randomness. |
| CVE-2000-1198 | Chain: Lock files with predictable names. Resultant from randomness. |
| CVE-2002-1869 | Product does not check if it can write to a log file, allowing attackers to avoid logging by accessing the file using an exclusive lock. Overlaps unchecked error condition. This is not quite CWE-412, |
Related Weaknesses
Taxonomy Mappings
- PLOVER: — Unrestricted Critical Resource Lock
- 7 Pernicious Kingdoms: — Deadlock
- OWASP Top Ten 2004: A9 — Denial of Service
- The CERT Oracle Secure Coding Standard for Java (2011): LCK00-J — Use private final lock objects to synchronize classes that may interact with untrusted code
- The CERT Oracle Secure Coding Standard for Java (2011): LCK07-J — Avoid deadlock by requesting and releasing locks in the same order
- Software Fault Patterns: SFP22 — Unrestricted lock
Frequently Asked Questions
What is CWE-412?
CWE-412 (Unrestricted Externally Accessible Lock) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product properly checks for the existence of a lock, but the lock can be externally controlled or influenced by an actor that is outside of the intended sphere of control.
How can CWE-412 be exploited?
Attackers can exploit CWE-412 (Unrestricted Externally Accessible Lock) to dos: resource consumption (other). This weakness is typically introduced during the Architecture and Design, Implementation phase of software development.
How do I prevent CWE-412?
Key mitigations include: Use any access control that is offered by the functionality that is offering the lock.
What is the severity of CWE-412?
CWE-412 is classified as a Base-level weakness (Medium abstraction). It has been observed in 7 real-world CVEs.