centos 6
access weakness #31

4

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions, which can have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but are not changed by the system administrator.

Warning code(s):

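If this call fails, the program could fail to drop heightened privileges. The call's return value must be checked, and execution must not continue under the original identity if it reports failure.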

File Name:

mvapich-1.2rc1/psm/mpid/nt_server/winmpd/smpd/mpdconsole.cpp

Context:

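The highlighted line of code below is the trigger point of this particular CentOS 6 access weakness. (The highlighting is not preserved in this text. The warning wording concerns an impersonation call, which in this excerpt appears to be `ImpersonateLoggedOnUser`. The excerpt does test that call's return value and returns an error handle on failure, so confirm against the full function before treating the finding as an unchecked-failure defect.)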

     HANDLE hUser;
    char account[50], domain[50], *pszDomain;
    ParseAccountDomain(domainaccount, account, domain);
    if (strlen(domain) < 1)
	pszDomain = NULL;
    else
	pszDomain = domain;

    WaitForSingleObject(g_hLaunchMutex, 10000);

    if (!LogonUser(
	account,
	pszDomain, 
	password,
	LOGON32_LOGON_INTERACTIVE, 
	//LOGON32_LOGON_BATCH,  // quicker?
	LOGON32_PROVIDER_DEFAULT, 
	&hUser))
    {
	*pnError = GetLastError();
	ReleaseMutex(g_hLaunchMutex);
	return (HANDLE)-1;
    }

    if (!ImpersonateLoggedOnUser(hUser))
    {
	*pnError = GetLastError();
	CloseHandle(hUser);
	ReleaseMutex(g_hLaunchMutex);
	if (!g_bSingleUser)
	    RevertToSelf();
	return (HANDLE)-1;
    }

    ReleaseMutex(g_hLaunchMutex);

    return hUser;
}

FILE* CreateCheckFile(char *pszFullFileName, bool bReplace, bool bCreateDir, char *pszError)
{
    char pszPath[MAX_PATH];
    char *pszFileName, *p1, *p2;
    FILE *fout;

    if (bCreateDir)
    {
	if (!TryCreateDir(pszFullFileName, pszError))
	    return NULL;
    } 
