centos 6
access weakness #34

4

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

If this call fails, the program could fail to drop heightened privileges.

File Name:

mvapich-1.2rc1/non-psm/mpid/nt_server/RemoteShell/RemoteShellServer/RemoteShell.cpp

Context:

The highlighted line of code below is the trigger point of this particular Centos 6 access weakness.

 			psztDomain = tDomain;
#ifdef UNICODE
		wcscpy(tPassword, bPassword);
#else
		wcstombs(tPassword, bPassword, wcslen(bPassword)+1);
#endif
		if (!LogonUser(
			tAccount,
			psztDomain, 
			tPassword,
			LOGON32_LOGON_INTERACTIVE, 
			LOGON32_PROVIDER_DEFAULT, 
			&hUser))
		{
			*nError = GetLastError();
			Translate_Error(*nError, error_msg, L"GrantAccessToDesktop:LogonUser failed: ");
			SysReAllocString(bErrorMsg, error_msg);
			LogWMsg(L"GrantAccessToDesktop:LogonUser failed: %d, %s\n", *nError, error_msg);
			return S_OK;
		}
	}
	else
	{
		// Impersonate the client and get a user token
		hr = CoImpersonateClient();
		if (FAILED(hr))
			LogMsg(TEXT("GrantAccessToDesktop:CoImpersonateClient failed"));
		if (!OpenThreadToken(GetCurrentThread(), MAXIMUM_ALLOWED, TRUE, &hImpersonatedToken))
		{
			*nError = GetLastError();
			Translate_Error(*nError, error_msg, L"GrantAccessToDesktop:OpenThreadToken failed: ");
			SysReAllocString(bErrorMsg, error_msg);
			LogWMsg(L"GrantAccessToDesktop:OpenThreadToken failed: %d, %s\n", *nError, error_msg);
			return S_OK;
		}
		CoRevertToSelf();
		if (!DuplicateTokenEx(hImpersonatedToken, MAXIMUM_ALLOWED, NULL, SecurityImpersonation, TokenPrimary, &hUser))
		{
			*nError = GetLastError();
			Translate_Error(*nError, error_msg, L"GrantAccessToDesktop:DuplicateTokenEx failed: ");
			SysReAllocString(bErrorMsg, error_msg);
			LogWMsg(L"GrantAccessToDesktop:DuplicateTokenEx failed: %d, %s\n", *nError, error_msg);
			return S_OK;
		}
		CloseHandle(hImpersonatedToken);
		hImpersonatedToken = NULL;
	}
	
	m_bLaunchOnDesktop = MyGrantAccessToDesktop(hUser);
 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.