CWE-362
Weakness ID:362(Weakness Class)
Status: Draft
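Summary
The code requires that a certain state not be modified between two operations, but a timing window exists in which the state can be modified by an unexpected actor or process.
Extended Description
This weakness can have security implications when the expected synchronization is in security-critical code, such as recording whether a user is authenticated or modifying important state information that should not be influenced by an outsider.
Time of Introduction
Architecture and Design
Applicable Platforms
Architectural Paradigms
Concurrent Systems Operating on Shared Resources
Common Consequences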
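Scope | Effect |
---|---|
Availability | Technical Impact: DoS: resource consumption (CPU); DoS: resource consumption (memory); DoS: resource consumption (other). When a race condition makes it possible to bypass a resource cleanup routine or to trigger multiple initialization routines, it may lead to resource exhaustion (CWE-400). |
Availability | Technical Impact: DoS: crash / exit / restart; DoS: instability. When a race condition allows multiple control flows to access a resource simultaneously, the program may enter an unexpected state and may crash. |
Confidentiality, Integrity | Technical Impact: Read files or directories. When a race condition is combined with predictable resource names and loose permissions, an attacker may be able to access or overwrite confidential data (CWE-59). |
Likelihood of Exploit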
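Detection Methods
Black Box
Black box methods may be able to identify evidence of race conditions through techniques such as multiple simultaneous connections, which may cause the software to become unstable or crash. However, race conditions with very narrow timing windows are difficult to detect this way.
White Box
Common race condition idioms, such as Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) and Double-Checked Locking (CWE-609), are detectable in white box analysis.
Automated Dynamic Analysis
This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection (tests that deliberately trigger errors).
The software's operation may slow down, but it should not become unstable, crash, or generate incorrect results.
Race conditions may be detected with a stress test that calls the software simultaneously from a large number of threads or processes and looks for unexpected behavior.
Artificially widening the race window, by inserting breakpoints or delays between the relevant code statements, makes this weakness easier to detect.
Effectiveness: Moderate
Demonstrative Examples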
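Example 1:
The following is code for an e-commerce application that supports transfers between accounts. It takes the total amount of the transfer, sends it to the new account, and deducts it from the original account.
Example Language: Perl (Bad Code)
```perl
$transfer_amount = GetTransferAmount();
$balance = GetBalanceFromDatabase();

if ($transfer_amount < 0) {
    FatalError("Bad Transfer Amount");
}
$newbalance = $balance - $transfer_amount;
if (($balance - $transfer_amount) < 0) {
    FatalError("Insufficient Funds");
}
# Nothing stops a second request from reading the same balance before this write.
SendNewBalanceToDatabase($newbalance);
NotifyUser("Transfer of $transfer_amount succeeded.");
NotifyUser("New balance: $newbalance");
```
In this example, a race condition can occur between the calls to GetBalanceFromDatabase() and SendNewBalanceToDatabase(). If the program is invoked simultaneously for the same user, for example by issuing multiple requests to a web application, the following attack is possible.
Suppose the balance is initially 100.00.
To invoke the program simultaneously, the attacker creates two calls, "CALLER-1" and "CALLER-2", for the same user account.
CALLER-1 (the attacker) is associated with PROGRAM-1 (the instance that handles CALLER-1), and CALLER-2 is associated with PROGRAM-2.
CALLER-1 makes a transfer request of 80.00. PROGRAM-1 calls GetBalanceFromDatabase(), and $balance is set to 100.00. PROGRAM-1 calculates $newbalance as 20.00 and calls SendNewBalanceToDatabase(), but the call is delayed because the server is under heavy load.
CALLER-2 makes a transfer request of 1.00.
PROGRAM-2 calls GetBalanceFromDatabase(). Because the PROGRAM-1 request has not been processed yet, $balance is 100.00.
PROGRAM-2 calculates $newbalance as 99.00.
After the delay, PROGRAM-1 sends its balance to the database, changing it to 20.00.
PROGRAM-2 sends a request to update the database, setting the balance to 99.00.
At this point PROGRAM-1 and PROGRAM-2 have transferred a total of 81.00, so the attacker's balance should be 19.00. Because of the race condition, however, the balance recorded in the database is 99.00.
Ways to prevent this weakness include using a lock that blocks multiple simultaneous requests to the web application, or using a synchronization mechanism that covers all of the code between GetBalanceFromDatabase() and SendNewBalanceToDatabase().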
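The schedule from Example 1 can be replayed deterministically by inserting a delay between the read and the write, the same window-widening technique described under Automated Dynamic Analysis. The following is an added example, not code from the CWE entry: `Account`, `transfer`, `replay` and the event hooks are constructed names, and an in-memory balance stands in for the database.

```python
import threading
from decimal import Decimal

class Account:
    """Constructed in-memory stand-in for the balance stored in the database."""
    def __init__(self, balance):
        self.balance = Decimal(balance)
        self.lock = threading.Lock()

def transfer(acct, amount, locked, after_read):
    """One request handler; after_read() models the delay between the two DB calls."""
    def critical():
        balance = acct.balance                  # GetBalanceFromDatabase()
        after_read()
        if balance - amount < 0:
            raise ValueError("Insufficient Funds")
        acct.balance = balance - amount         # SendNewBalanceToDatabase()
    if amount < 0:
        raise ValueError("Bad Transfer Amount")
    if locked:
        with acct.lock:                         # lock spans read, check and write
            critical()
    else:
        critical()

def replay(locked, timeout=0.5):
    """Replay the CALLER-1 (80.00) / CALLER-2 (1.00) schedule; return the final balance."""
    acct = Account("100.00")
    p1_read, p2_read, p1_done = (threading.Event() for _ in range(3))

    def p1_pause():                             # PROGRAM-1 stalls before its write
        p1_read.set()
        p2_read.wait(timeout)                   # times out when the lock keeps PROGRAM-2 out

    def p2_pause():                             # PROGRAM-2 writes only after PROGRAM-1
        p2_read.set()
        p1_done.wait(timeout)

    def program_1():
        transfer(acct, Decimal("80.00"), locked, p1_pause)
        p1_done.set()

    t = threading.Thread(target=program_1)
    t.start()
    p1_read.wait()                              # PROGRAM-2 starts after PROGRAM-1 has read
    transfer(acct, Decimal("1.00"), locked, p2_pause)
    t.join()
    return acct.balance
```

Without the lock the replay ends with 99.00 recorded, matching the walkthrough; with the lock held from read to write, PROGRAM-2 reads the updated 20.00 and the final balance is 19.00.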
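Example 2:
The following function attempts to acquire a lock in order to perform operations on a shared resource.
Example Language: C (Bad Code)
```c
#include <pthread.h>

void f(pthread_mutex_t *mutex) {
    pthread_mutex_lock(mutex);   /* return value is ignored */

    /* access shared resource */

    pthread_mutex_unlock(mutex);
}
```
This code does not check the return value of pthread_mutex_lock(), so it cannot detect errors. If pthread_mutex_lock() fails to acquire the mutex for any reason, the program may enter a race condition and behave unpredictably.
To avoid data races properly, a program must either recover from such errors or report them to higher levels. In either case, the program should check the result of thread synchronization functions and handle all errors appropriately.
(Good Code)
```c
#include <pthread.h>

int f(pthread_mutex_t *mutex) {
    int result;

    result = pthread_mutex_lock(mutex);
    if (0 != result)
        return result;   /* lock not held: do not touch the shared resource */

    /* access shared resource */

    return pthread_mutex_unlock(mutex);
}
```
Observed Examples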
Reference | Description |
---|---|
CVE-2008-5044 | Race condition leading to a crash by calling a hook removal procedure while other activities are occurring at the same time. |
CVE-2008-2958 | chain: time-of-check time-of-use (TOCTOU) race condition in program allows bypass of protection mechanism that was designed to prevent symlink attacks. |
CVE-2008-1570 | chain: time-of-check time-of-use (TOCTOU) race condition in program allows bypass of protection mechanism that was designed to prevent symlink attacks. |
CVE-2008-0058 | Unsynchronized caching operation enables a race condition that causes messages to be sent to a deallocated object. |
CVE-2008-0379 | Race condition during initialization triggers a buffer overflow. |
CVE-2007-6599 | Daemon crash by quickly performing operations and undoing them, which eventually leads to an operation that does not acquire a lock. |
CVE-2007-6180 | chain: race condition triggers NULL pointer dereference |
CVE-2007-5794 | Race condition in library function could cause data to be sent to the wrong process. |
CVE-2007-3970 | Race condition in file parser leads to heap corruption. |
CVE-2008-5021 | chain: race condition allows attacker to access an object while it is still being initialized, causing software to access uninitialized memory. |
CVE-2009-4895 | chain: race condition for an argument value, possibly resulting in NULL dereference |
CVE-2009-3547 | chain: race condition might allow resource to be released before operating on it, leading to NULL dereference |
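Potential Mitigations
Phase: Architecture and Design
In languages that support it, use synchronization primitives. To minimize the impact on performance, apply them only to critical code.
Phase: Architecture and Design
Use thread-safe capabilities such as the data access abstraction in the Spring framework.
Phase: Architecture and Design
Minimize the use of shared resources in order to remove as much complexity as possible from the control flow and to reduce the likelihood of entering unexpected states.
This also minimizes the amount of synchronization that is necessary and helps reduce the likelihood of a DoS in which an attacker repeatedly triggers a critical section.
Phase: Implementation
When using multi-threading, use only thread-safe functions to operate on shared variables.
Phase: Implementation
Use atomic operations on shared variables. Be wary of constructs such as x++: the read of the value and the subsequent write are performed by separate instructions, so the operation is not atomic.
Phase: Implementation
Use a mutex if available. When doing so, avoid the mutex-related weakness CWE-412.
Phase: Implementation
Avoid double-checked locking (CWE-609) and other implementation errors that arise when trying to avoid the overhead of synchronization.
Phase: Implementation
Disable interrupts or signals over critical parts of the code. However, make sure that the code does not go into a large or infinite loop.
Phase: Implementation
Use the volatile type modifier for critical variables to avoid unexpected compiler optimization or reordering. This does not necessarily solve the synchronization problem, but it can help.
Phase: Architecture and Design; Operation
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks. If possible, create isolated accounts with limited privileges that are used only for a single task. That way, even a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.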
Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Category | 361 | Time and State | Development Concepts (primary) 699 |
ChildOf | Category | 743 | CERT C Secure Coding Section 09 - Input Output (FIO) | Weaknesses Addressed by the CERT C Secure Coding Standard (primary) 734 |
ChildOf | Category | 751 | 2009 Top 25 - Insecure Interaction Between Components | Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors (primary) 750 |
ChildOf | Category | 801 | 2010 Top 25 - Insecure Interaction Between Components | Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors (primary) 800 |
ChildOf | Weakness Base | 821 | Incorrect Synchronization | Research Concepts (primary) 1000 |
RequiredBy | Compound Element: Composite | 61 | UNIX Symbolic Link (Symlink) Following | Research Concepts 1000 |
RequiredBy | Compound Element: Composite | 689 | Permission Race Condition During Resource Copy | Research Concepts 1000 |
ParentOf | Weakness Base | 364 | Signal Handler Race Condition | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ParentOf | Weakness Base | 366 | Race Condition within a Thread | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ParentOf | Weakness Base | 367 | Time-of-check Time-of-use (TOCTOU) Race Condition | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ParentOf | Weakness Base | 368 | Context Switching Race Condition | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ParentOf | Weakness Base | 421 | Race Condition During Access to Alternate Channel | Development Concepts 699; Research Concepts 1000 |
MemberOf | View | 635 | Weaknesses Used by NVD | Weaknesses Used by NVD (primary) 635 |
CanFollow | Weakness Base | 609 | Double-Checked Locking | Development Concepts 699; Research Concepts 1000 |
CanFollow | Weakness Base | 662 | Improper Synchronization | Development Concepts 699; Research Concepts 1000 |
CanAlsoBe | Category | 557 | Research Concepts 1000 | Research Concepts 1000 |
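Research Gaps (CWE's view)
Race conditions in web applications are under-studied and probably under-reported. In 2008, however, interest in this area grew considerably.
Much of the research on race conditions has focused on Time-of-check Time-of-use (TOCTOU) variants (CWE-367), but there are also race conditions that do not require a time-of-check.
Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
---|---|---|---|
PLOVER | | | Race Conditions |
CERT C Secure Coding | FIO31-C | | Do not simultaneously open the same file multiple times |
Related Attack Patterns
CAPEC-ID | Attack Pattern Name (CAPEC Version 1.5) |
---|---|
26 | Leveraging Race Conditions |
29 | Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions |
References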
[REF-17] Michael Howard, David LeBlanc and John Viega. "24 Deadly Sins of Software Security". "Sin 13: Race Conditions." Page 205. McGraw-Hill. 2010.
Andrei Alexandrescu. "volatile - Multithreaded Programmer's Best Friend". Dr. Dobb's. 2008-02-01. <http://www.ddj.com/cpp/184403766>.
Steven Devijver. "Thread-safe webapps using Spring". <http://www.javalobby.org/articles/thread-safe/index.jsp>.
David Wheeler. "Prevent race conditions". 2007-10-04. <http://www.ibm.com/developerworks/library/l-sprace.html>.
Matt Bishop. "Race Conditions, Files, and Security Flaws; or the Tortoise and the Hare Redux". September 1995. <http://www.cs.ucdavis.edu/research/tech-reports/1995/CSE-95-9.pdf>.
David Wheeler. "Secure Programming for Linux and Unix HOWTO". 2003-03-03. <http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/avoid-race.html>.
Blake Watts. "Discovering and Exploiting Named Pipe Security Flaws for Fun and Profit". April 2002. <http://www.blakewatts.com/namedpipepaper.html>.
Roberto Paleari, Davide Marrone, Danilo Bruschi and Mattia Monga. "On Race Vulnerabilities in Web Applications". <http://security.dico.unimi.it/~roberto/pubs/dimva08-web.pdf>.
"Avoiding Race Conditions and Insecure File Operations". Apple Developer Connection. <http://developer.apple.com/documentation/Security/Conceptual/SecureCodingGuide/Articles/RaceConditions.html>.
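Johannes Ullrich. "Top 25 Series - Rank 25 - Race Conditions". SANS Software Security Institute. 2010-03-26. <http://blogs.sans.org/appsecstreetfighter/2010/03/26/top-25-series-rank-25-race-conditions/>.
Maintenance Notes
The relationship between race conditions and synchronization problems (CWE-662) has not yet been worked out in detail. Synchronization is only one technique for avoiding race conditions, and it is also used for purposes other than preventing race conditions.
Update History
[2011-04-21]
Updated based on data as of 2010-10-12
[2009-06-29]
Created based on the following URL as of 2009-02-02
http://cwe.mitre.org/data/definitions/362.html
Registered: 2011/04/21
Last updated: 2023/04/04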