fedora 23
access weakness #55

4

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

If this call fails, the program could fail to drop heightened privileges.

File Name:

wine-mono-4.6.3/mono/mono/io-layer/wapi-remap.h

Context:

The highlighted line of code below is the trigger point of this particular Fedora 23 access weakness.

 #define UnlockFile wapi_UnlockFile 
#define GetVolumeInformation wapi_GetVolumeInformation 
#define FormatMessage wapi_FormatMessage 
#define CreateMutex wapi_CreateMutex 
#define ReleaseMutex wapi_ReleaseMutex 
#define OpenMutex wapi_OpenMutex 
#define ShellExecuteEx wapi_ShellExecuteEx 
#define CreateProcess wapi_CreateProcess 
#define CreateProcessWithLogonW wapi_CreateProcessWithLogonW 
#define GetCurrentProcess wapi_GetCurrentProcess 
#define GetProcessId wapi_GetProcessId 
#define CloseProcess wapi_CloseProcess 
#define OpenProcess wapi_OpenProcess 
#define GetExitCodeProcess wapi_GetExitCodeProcess 
#define GetProcessTimes wapi_GetProcessTimes 
#define EnumProcessModules wapi_EnumProcessModules 
#define GetModuleBaseName wapi_GetModuleBaseName 
#define GetModuleFileNameEx wapi_GetModuleFileNameEx 
#define GetModuleInformation wapi_GetModuleInformation 
#define GetProcessWorkingSetSize wapi_GetProcessWorkingSetSize 
#define SetProcessWorkingSetSize wapi_SetProcessWorkingSetSize 
#define TerminateProcess wapi_TerminateProcess 
#define GetPriorityClass wapi_GetPriorityClass 
#define SetPriorityClass wapi_SetPriorityClass 
#define ImpersonateLoggedOnUser wapi_ImpersonateLoggedOnUser 
#define RevertToSelf wapi_RevertToSelf 
#define CreateSemaphore wapi_CreateSemaphore
#define ReleaseSemaphore wapi_ReleaseSemaphore
#define OpenSemaphore wapi_OpenSemaphore 
#define WSASetLastError wapi_WSASetLastError
#define WSAGetLastError wapi_WSAGetLastError
#define WSAIoctl wapi_WSAIoctl 
#define WSARecv wapi_WSARecv 
#define WSASend wapi_WSASend 
#define GetSystemInfo wapi_GetSystemInfo
#define QueryPerformanceCounter wapi_QueryPerformanceCounter
#define QueryPerformanceFrequency wapi_QueryPerformanceFrequency
#define GetTickCount wapi_GetTickCount 
#define GetFileVersionInfoSize wapi_GetFileVersionInfoSize 
#define GetFileVersionInfo wapi_GetFileVersionInfo 
#define VerQueryValue wapi_VerQueryValue 
#define VerLanguageName wapi_VerLanguageName 
#define WaitForSingleObject wapi_WaitForSingleObject
#define WaitForSingleObjectEx wapi_WaitForSingleObjectEx
#define SignalObjectAndWait wapi_SignalObjectAndWait
#define WaitForMultipleObjects wapi_WaitForMultipleObjects
#define WaitForMultipleObjectsEx wapi_WaitForMultipleObjectsEx
#define WaitForInputIdle wapi_WaitForInputIdle

#endif /* __WAPI_REMAP_H__ */ 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.