alpine 3.6
access weakness #7

4

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

If this call fails, the program could fail to drop heightened privileges.

File Name:

wine/src/wine-2.0.1/include/sspi.h

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 access weakness.

 
typedef SECURITY_STATUS (SEC_ENTRY *SET_CONTEXT_ATTRIBUTES_FN_A)(PCtxtHandle,
 ULONG, void *, ULONG);
typedef SECURITY_STATUS (SEC_ENTRY *SET_CONTEXT_ATTRIBUTES_FN_W)(PCtxtHandle,
 ULONG, void *, ULONG);

#define SECURITY_ENTRYPOINT_ANSIA "InitSecurityInterfaceA"
#define SECURITY_ENTRYPOINT_ANSIW "InitSecurityInterfaceW"
#define SECURITY_ENTRYPOINT_ANSI WINELIB_NAME_AW(SECURITY_ENTRYPOINT_ANSI)

typedef struct _SECURITY_FUNCTION_TABLE_A
{
    ULONG                             dwVersion;
    ENUMERATE_SECURITY_PACKAGES_FN_A  EnumerateSecurityPackagesA;
    QUERY_CREDENTIALS_ATTRIBUTES_FN_A QueryCredentialsAttributesA;
    ACQUIRE_CREDENTIALS_HANDLE_FN_A   AcquireCredentialsHandleA;
    FREE_CREDENTIALS_HANDLE_FN        FreeCredentialsHandle;
    void                             *Reserved2;
    INITIALIZE_SECURITY_CONTEXT_FN_A  InitializeSecurityContextA;
    ACCEPT_SECURITY_CONTEXT_FN        AcceptSecurityContext;
    COMPLETE_AUTH_TOKEN_FN            CompleteAuthToken;
    DELETE_SECURITY_CONTEXT_FN        DeleteSecurityContext;
    APPLY_CONTROL_TOKEN_FN            ApplyControlToken;
    QUERY_CONTEXT_ATTRIBUTES_FN_A     QueryContextAttributesA;
    IMPERSONATE_SECURITY_CONTEXT_FN   ImpersonateSecurityContext;
    REVERT_SECURITY_CONTEXT_FN        RevertSecurityContext;
    MAKE_SIGNATURE_FN                 MakeSignature;
    VERIFY_SIGNATURE_FN               VerifySignature;
    FREE_CONTEXT_BUFFER_FN            FreeContextBuffer;
    QUERY_SECURITY_PACKAGE_INFO_FN_A  QuerySecurityPackageInfoA;
    void                             *Reserved3;
    void                             *Reserved4;
    EXPORT_SECURITY_CONTEXT_FN        ExportSecurityContext;
    IMPORT_SECURITY_CONTEXT_FN_A      ImportSecurityContextA;
    ADD_CREDENTIALS_FN_A              AddCredentialsA;
    void                             *Reserved8;
    QUERY_SECURITY_CONTEXT_TOKEN_FN   QuerySecurityContextToken;
    ENCRYPT_MESSAGE_FN                EncryptMessage;
    DECRYPT_MESSAGE_FN                DecryptMessage;
    SET_CONTEXT_ATTRIBUTES_FN_A       SetContextAttributesA;
} SecurityFunctionTableA, *PSecurityFunctionTableA;

typedef struct _SECURITY_FUNCTION_TABLE_W
{
    ULONG                             dwVersion;
    ENUMERATE_SECURITY_PACKAGES_FN_W  EnumerateSecurityPackagesW;
    QUERY_CREDENTIALS_ATTRIBUTES_FN_W QueryCredentialsAttributesW;
    ACQUIRE_CREDENTIALS_HANDLE_FN_W   AcquireCredentialsHandleW;
    FREE_CREDENTIALS_HANDLE_FN        FreeCredentialsHandle;
    void                             *Reserved2; 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.