alpine 3.6
access weakness #19

4

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions, which can have unintended consequences if malicious actors exploit the gap. An example of this weakness is a default username and password that the developer sets and the system administrator never changes.

Warning code(s):

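If this call fails, the program could fail to drop heightened privileges. The warning concerns an impersonation call (in the excerpt below, apparently `RpcImpersonateClient`; the highlight is not preserved in this text). The call's return value must be checked, and the code must not carry on under the wrong security context when it reports failure.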

File Name:

krb5/src/krb5-1.14.3/src/ccapi/server/win/ccs_os_server.cpp

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

         cci_debug_printf("%s Error getting Client Info (%u = %s)",
                     __FUNCTION__, client_status, rpc_error_to_string(client_status));
    }
}

DWORD sid_check() {
    DWORD status = 0;
    HANDLE hToken_c = 0;
    HANDLE hToken_s = 0;
    PTOKEN_USER ptu_c = 0;
    PTOKEN_USER ptu_s = 0;
    DWORD len = 0;
    BOOL bImpersonate = FALSE;

    // Note GetUserName will fail while impersonating at identify
    // level.  The workaround is to impersonate, OpenThreadToken,
    // revert, call GetTokenInformation, and finally, call
    // LookupAccountSid.

    // XXX - Note: This workaround does not appear to work.
    // OpenThreadToken fails with error 1346: "Either a requid
    // impersonation level was not provided or the provided
    // impersonation level is invalid".

    status = RpcImpersonateClient(0);

    if (!status) {
        bImpersonate = TRUE;
        if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &hToken_c))
            status = GetLastError();
        }

    if (!status) {
        status = RpcRevertToSelf();
        }

    if (!status) {
        bImpersonate = FALSE;

        len = 0;
        GetTokenInformation(hToken_c, TokenUser, ptu_c, 0, &len);
        if (len == 0) status = 1;
        }

    if (!status) {
        if (!(ptu_c = (PTOKEN_USER)LocalAlloc(0, len)))
            status = GetLastError();
        }

    if (!status) { 
