alpine 3.8
access weakness #14

4

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

If this call fails, the program could fail to drop heightened privileges.

File Name:

freerdp/src/FreeRDP-2.0.0-rc2/winpr/libwinpr/rpc/rpc.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.8 access weakness.

 	return 0;
}

RPC_STATUS RpcEpResolveBinding(RPC_BINDING_HANDLE Binding, RPC_IF_HANDLE IfSpec)
{
	WLog_ERR(TAG, "Not implemented");
	return 0;
}

RPC_STATUS RpcNsBindingInqEntryNameA(RPC_BINDING_HANDLE Binding,
                                     unsigned long EntryNameSyntax, RPC_CSTR* EntryName)
{
	WLog_ERR(TAG, "Not implemented");
	return 0;
}

RPC_STATUS RpcNsBindingInqEntryNameW(RPC_BINDING_HANDLE Binding,
                                     unsigned long EntryNameSyntax, RPC_WSTR* EntryName)
{
	WLog_ERR(TAG, "Not implemented");
	return 0;
}


RPC_STATUS RpcImpersonateClient(RPC_BINDING_HANDLE BindingHandle)
{
	WLog_ERR(TAG, "Not implemented");
	return 0;
}

RPC_STATUS RpcRevertToSelfEx(RPC_BINDING_HANDLE BindingHandle)
{
	WLog_ERR(TAG, "Not implemented");
	return 0;
}

RPC_STATUS RpcRevertToSelf()
{
	WLog_ERR(TAG, "Not implemented");
	return 0;
}

RPC_STATUS RpcBindingInqAuthClientA(RPC_BINDING_HANDLE ClientBinding,
                                    RPC_AUTHZ_HANDLE* Privs,
                                    RPC_CSTR* ServerPrincName, unsigned long* AuthnLevel, unsigned long* AuthnSvc,
                                    unsigned long* AuthzSvc)
{
	WLog_ERR(TAG, "Not implemented");
	return 0;
} 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.