Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE-528:Exposure of Core Dump File to an Unauthorized Control Sphere
Weakness ID:528
Version:v4.17
Weakness Name:Exposure of Core Dump File to an Unauthorized Control Sphere
Vulnerability Mapping:Allowed
Abstraction:Variant
Structure:Simple
Status:Draft
Likelihood of Exploit:
DetailsContent HistoryObserved CVE ExamplesReports
▼Description

The product generates a core dump file in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible to unauthorized actors.

▼Extended Description

▼Alternate Terms
▼Relationships
Relevant to the view"Research Concepts - (1000)"
NatureMappingTypeIDName
ChildOfAllowedB552Files or Directories Accessible to External Parties
Nature: ChildOf
Mapping: Allowed
Type: Base
ID: 552
Name: Files or Directories Accessible to External Parties
▼Memberships
NatureMappingTypeIDName
MemberOfProhibitedC731OWASP Top Ten 2004 Category A10 - Insecure Configuration Management
MemberOfProhibitedC742CERT C Secure Coding Standard (2008) Chapter 9 - Memory Management (MEM)
MemberOfProhibitedC876CERT C++ Secure Coding Section 08 - Memory Management (MEM)
MemberOfProhibitedC963SFP Secondary Cluster: Exposed Data
MemberOfProhibitedC1011Authorize Actors
MemberOfProhibitedC1403Comprehensive Categorization: Exposed Resource
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 731
Name: OWASP Top Ten 2004 Category A10 - Insecure Configuration Management
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 742
Name: CERT C Secure Coding Standard (2008) Chapter 9 - Memory Management (MEM)
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 876
Name: CERT C++ Secure Coding Section 08 - Memory Management (MEM)
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 963
Name: SFP Secondary Cluster: Exposed Data
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 1011
Name: Authorize Actors
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 1403
Name: Comprehensive Categorization: Exposed Resource
▼Tags
NatureMappingTypeIDName
MemberOfProhibitedBSBOSS-319Read Files or Directories (impact)
MemberOfProhibitedBSBOSS-328Read Application Data (impact)
Nature: MemberOf
Mapping: Prohibited
Type:BOSSView
ID: BOSS-319
Name: Read Files or Directories (impact)
Nature: MemberOf
Mapping: Prohibited
Type:BOSSView
ID: BOSS-328
Name: Read Application Data (impact)
▼Relevant To View
Relevant to the view"Architectural Concepts - (1008)"
NatureMappingTypeIDName
MemberOfProhibitedC1011Authorize Actors
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1011
Name: Authorize Actors
Relevant to the view"Software Fault Pattern (SFP) Clusters - (888)"
NatureMappingTypeIDName
MemberOfProhibitedC963SFP Secondary Cluster: Exposed Data
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 963
Name: SFP Secondary Cluster: Exposed Data
▼Background Detail

▼Common Consequences
ScopeLikelihoodImpactNote
ConfidentialityN/ARead Application DataRead Files or Directories
N/A
Scope: Confidentiality
Likelihood: N/A
Impact: Read Application Data, Read Files or Directories
Note:
N/A
▼Potential Mitigations
Phase:System Configuration
Mitigation ID:
Strategy:
Effectiveness:
Description:

Protect the core dump files from unauthorized access.

Note:

▼Modes Of Introduction
Phase: Operation
Note:

OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase.

▼Applicable Platforms
▼Demonstrative Examples
▼Observed Examples
ReferenceDescription
▼Affected Resources
    ▼Functional Areas
      ▼Weakness Ordinalities
      OrdinalityDescription
      ▼Detection Methods
      Automated Static Analysis
      Detection Method ID:DM-14
      Description:

      Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)

      Effectiveness:High
      Note:

      N/A

      ▼Vulnerability Mapping Notes
      Usage:Allowed
      Reason:Acceptable-Use
      Rationale:

      This CWE entry is at the Variant level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.

      Comments:

      Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

      Suggestions:
      ▼Notes
      ▼Taxonomy Mappings
      Taxonomy NameEntry IDFitEntry Name
      CERT C Secure CodingMEM06-CN/AEnsure that sensitive data is not written out to disk
      Taxonomy Name: CERT C Secure Coding
      Entry ID: MEM06-C
      Fit: N/A
      Entry Name: Ensure that sensitive data is not written out to disk
      ▼Related Attack Patterns
      IDName
      ▼References
      Details not found