CWE-426
Untrusted Search Path
Description
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
{"xhtml:p":["This might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the product uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted product would then execute. The problem extends to any type of critical resource that the product trusts.","Some of the most common variants of untrusted search path are:"],"xhtml:ul":[{"xhtml:li":["In various UNIX and Linux-based systems, the PATH environment variable may be consulted to locate executable programs, and LD_PRELOAD may be used to locate a separate library.","In various Microsoft-based systems, the PATH environment variable is consulted to locate a DLL, if the DLL is not found in other paths that appear earlier in the search order."]}]}
Parent Weaknesses (ChildOf)
Related Weaknesses
Common Consequences
Scope
Impact
Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands
Scope
Impact
DoS: Crash, Exit, or Restart
Scope
Impact
Read Files or Directories
Potential Mitigations
Hard-code the search path to a set of known-safe values (such as system directories), or only allow them to be specified by the administrator in a configuration file. Do not allow these settings to be modified by an external party. Be careful to avoid related weaknesses such as CWE-426 and CWE-428.
When invoking other programs, specify those programs using fully-qualified pathnames. While this is an effective approach, code that uses fully-qualified pathnames might not be portable to other systems that do not use the same pathnames. The portability can be improved by locating the full-qualified paths in a centralized, easily-modifiable location within the source code, and having the code refer to these paths.
Remove or restrict all environment settings before invoking other programs. This includes the PATH environment variable, LD_LIBRARY_PATH, and other settings that identify the location of code libraries, and any application-specific search paths.
Check your search path before use and remove any elements that are likely to be unsafe, such as the current working directory or a temporary files directory.
Use other functions that require explicit paths. Making use of any of the other readily available functions that require explicit paths is a safe way to avoid this problem. For example, system() in C does not require a full path since the shell can take care of it, while execl() and execv() require a full path.
CVE-1999-1120Application relies on its PATH environment variable to find and execute program.
CVE-2008-1810Database application relies on its PATH environment variable to find and execute program.
CVE-2007-2027Chain: untrusted search path enabling resultant format string by loading malicious internationalization messages.
CVE-2008-3485Untrusted search path using malicious .EXE in Windows environment.
CVE-2008-2613setuid program allows compromise using path that finds and loads a malicious library.
CVE-2008-1319Server allows client to specify the search path, which can be modified to point to a program that the client has uploaded.
Applicable Platforms
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now