CWE-276

BaseDraft

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

484 linked vulnerabilities

2 related weaknesses

Architecture and Design

Operation

The architecture needs to access and modification attributes for files to only those users who actually require those actions.

Architecture and Design

Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.

Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide...

Confidentiality

Integrity

Read Application Data

Modify Application Data

Automated Static Analysis - Binary or Bytecode

Effectiveness: SOAR Partial

According to SOAR [REF-1479], the following detection techniques may be useful:

Inter-application Flow Analysis

Manual Static Analysis - Binary or Bytecode

Effectiveness: SOAR Partial

According to SOAR [REF-1479], the following detection techniques may be useful:

Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies

Dynamic Analysis with Automated Results Interpretation

Effectiveness: SOAR Partial

According to SOAR [REF-1479], the following detection techniques may be useful:

Host-based Vulnerability Scanners - Examine configuration for flaws, verifying that audit mechanisms work, ensure host configuration meets certain predefined criteria
Web Application Scanner
Web Services Scanner
Database Scanners

Dynamic Analysis with Manual Results Interpretation

Effectiveness: High

According to SOAR [REF-1479], the following detection techniques may be useful:

Manual Static Analysis - Source Code

Effectiveness: High

According to SOAR [REF-1479], the following detection techniques may be useful:

Automated Static Analysis - Source Code

Effectiveness: SOAR Partial

According to SOAR [REF-1479], the following detection techniques may be useful:

Context-configured Source Code Weakness Analyzer

Automated Static Analysis

Effectiveness: SOAR Partial

According to SOAR [REF-1479], the following detection techniques may be useful:

Configuration Checker

Architecture or Design Review

Effectiveness: High

According to SOAR [REF-1479], the following detection techniques may be useful:

Modes of Introduction

Architecture and Design

Implementation

Installation

Operation

Related Weaknesses

CWE-732ChildOf CWE-732ChildOf

Example CVEs (7)

CVE-2005-1941

Executables installed world-writable.

CVE-2002-1713

Home directories installed world-readable.

CVE-2001-1550

World-writable log files allow information loss; world-readable file has cleartext passwords.

CVE-2002-1711

World-readable directory.

CVE-2002-1844

Windows product uses insecure permissions when installing on Solaris (genesis: port error).

External Links

MITRE CWE Database

CWE-276: Incorrect Default Permissions | Mondoo Vulnerability Intelligence