CentOS 6
Access weakness #22

4

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions, which could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but are not changed by the system administrator.

Warning code(s):

If this call fails, the program could fail to drop heightened privileges.

File Name:

mvapich-1.2rc1/psm/mpid/nt_server/winmpd/mpd/launchprocess.cpp

Context:

The highlighted line of code below is the trigger point of this particular CentOS 6 access weakness.

     //saInfo.wShowWindow = SW_SHOW;
    
    SetEnvironmentVariables(env);
    pEnv = GetEnvironmentStrings();
    
    ParseAccountDomain(domainaccount, account, domain);
    if (strlen(domain) < 1)
	pszDomain = NULL;
    else
	pszDomain = domain;

    hUser = GetUserHandle(account, pszDomain, password, nError);
    if (hUser == INVALID_HANDLE_VALUE)
    {
	strcpy(pszError, "LogonUser failed, ");
	FreeEnvironmentStrings((TCHAR*)pEnv);
	SetCurrentDirectory(tSavedPath);
	RemoveEnvironmentVariables(env);
	CloseHandle(*hIn);
	CloseHandle(*hOut);
	CloseHandle(*hErr);
	goto RESTORE_CLEANUP;
    }

    if (ImpersonateLoggedOnUser(hUser))
    {
	if (!MapUserDrives(map, domainaccount, password, pszError))
	{
	    err_printf("LaunchProcessLogon:MapUserDrives(%s, %s) failed, %s", map, domainaccount, pszError);
	}

	GetCurrentDirectory(MAX_PATH, tSavedPath);
	SetCurrentDirectory(dir);

	launch_flag = 
	    //DETACHED_PROCESS | IDLE_PRIORITY_CLASS;
	    //CREATE_NO_WINDOW | IDLE_PRIORITY_CLASS;
	    //CREATE_NO_WINDOW | BELOW_NORMAL_PRIORITY_CLASS;
	    //CREATE_NO_WINDOW | IDLE_PRIORITY_CLASS | CREATE_NEW_PROCESS_GROUP;
	    //DETACHED_PROCESS | IDLE_PRIORITY_CLASS | CREATE_NEW_PROCESS_GROUP;
	    //CREATE_NO_WINDOW | IDLE_PRIORITY_CLASS | CREATE_SUSPENDED;
	    CREATE_SUSPENDED | CREATE_NO_WINDOW | priorityClass;
	if (bDebug)
	    launch_flag = launch_flag | DEBUG_PROCESS;

#ifdef USE_WINDOW_STATIONS
	AttachToWorkstation();
#endif

	num_tries = 4; 
