centos 6
misc weakness #29

5

Weakness Breakdown


Definition:

The software specifies permissions for a security-critical resource in a way that allows the resource to be read or modified by unintended actors.

Warning code(s):

Never create NULL ACLs; an attacker can set it to Everyone.

File Name:

wireshark-1.8.10/wsutil/file_util.c

Context:

The highlighted line of code below is the trigger point of this particular Centos 6 misc weakness.

 	}

	/* convert value to utf8 */
	envvar = g_utf16_to_utf8(envvarw, -1, NULL, NULL, NULL);
	/* XXX - memleak */

	return envvar;
}

/** Create or open a "Wireshark is running" mutex.
 */
#define WIRESHARK_IS_RUNNING_UUID "9CA78EEA-EA4D-4490-9240-FC01FCEF464B"

static SECURITY_ATTRIBUTES *sec_attributes_;

void create_app_running_mutex() {
      SECURITY_ATTRIBUTES *sa = NULL;
      
      if (!sec_attributes_) sec_attributes_ = g_new0(SECURITY_ATTRIBUTES, 1);
      
      sec_attributes_->nLength = sizeof(SECURITY_ATTRIBUTES);
      sec_attributes_->lpSecurityDescriptor = g_new0(SECURITY_DESCRIPTOR, 1);
      sec_attributes_->bInheritHandle = TRUE;
      if (InitializeSecurityDescriptor(sec_attributes_->lpSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION)) {
	    if (SetSecurityDescriptorDacl(sec_attributes_->lpSecurityDescriptor, TRUE, NULL, FALSE)) {
	          sa = sec_attributes_;
	    }
      }
      
      if (!sa) {
	    g_free(sec_attributes_->lpSecurityDescriptor);
	    g_free(sec_attributes_);
	    sec_attributes_ = NULL;
      }
      CreateMutex(sa, FALSE, _T("Wireshark-is-running-{") _T(WIRESHARK_IS_RUNNING_UUID) _T("}"));
      CreateMutex(sa, FALSE, _T("Global\\Wireshark-is-running-{") _T(WIRESHARK_IS_RUNNING_UUID) _T("}"));
} 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.