ByteOS Network

CAPEC-29:Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions

Attack Pattern ID:29

Version:v3.9

Attack Pattern Name:Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions

Abstraction:Standard

Status:Draft

Likelihood of Attack:High

Typical Severity:High

Details Content History Related Weaknesses Reports

▼Description

This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.

▼Relationships

Nature	Type	ID	Name
ChildOf	M	26	Leveraging Race Conditions
ParentOf	D	27	Leveraging Race Conditions via Symbolic Links

Nature: ChildOf

Type: Meta

ID: 26

Name: Leveraging Race Conditions

Nature: ParentOf

Type: Detailed

ID: 27

Name: Leveraging Race Conditions via Symbolic Links

▼Execution Flow

Explore

The adversary explores to gauge what level of access they have.

Experiment

The adversary confirms access to a resource on the target host. The adversary confirms ability to modify the targeted resource.

Exploit

The adversary decides to leverage the race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary can replace the resource and cause an escalation of privilege.

▼Prerequisites

A resource is access/modified concurrently by multiple processes.

The adversary is able to modify resource.

A race condition exists while accessing a resource.

▼Skills Required

Medium

This attack can get sophisticated since the attack has to occur within a short interval of time.

▼Consequences

Scope	Likelihood	Impact	Note
Integrity	N/A	Modify Data	N/A
ConfidentialityAccess ControlAuthorization	N/A	Gain Privileges	N/A
ConfidentialityIntegrityAvailability	N/A	Alter Execution Logic	N/A
Confidentiality	N/A	Read Data	N/A
Availability	N/A	Resource Consumption	Denial of Service

Scope: Integrity

Likelihood: N/A

Impact: Modify Data

Note: N/A

Scope: Confidentiality, Access Control, Authorization

Likelihood: N/A

Impact: Gain Privileges

Note: N/A

Scope: Confidentiality, Integrity, Availability

Likelihood: N/A

Impact: Alter Execution Logic

Note: N/A

Scope: Confidentiality

Likelihood: N/A

Impact: Read Data

Note: N/A

Scope: Availability

Likelihood: N/A

Impact: Resource Consumption

Note: Denial of Service

▼Mitigations

Use safe libraries to access resources such as files.

Be aware that improper use of access function calls such as chown(), tempfile(), chmod(), etc. can cause a race condition.

Use synchronization to control the flow of execution.

Use static analysis tools to find race conditions.

Pay attention to concurrency problems related to the access of resources.

▼Example Instances

▼Related Weaknesses

ID	Name
CWE-362	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-366	Race Condition within a Thread
CWE-367	Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-368	Context Switching Race Condition
CWE-370	Missing Check for Certificate Revocation after Initial Check
CWE-662	Improper Synchronization
CWE-663	Use of a Non-reentrant Function in a Concurrent Context
CWE-665	Improper Initialization
CWE-691	Insufficient Control Flow Management