CWE-689

Permission Race Condition During Resource Copy

Compound

Draft

Description

The product, while copying or cloning a resource, does not set the resource's permissions or access control until the copy is complete, leaving the resource exposed to other spheres while the copy is taking place.

Parent Weaknesses (ChildOf)

CWE-362: Concurrent Execution using Sha...

Related Weaknesses

CWE-362 (Requires)

CWE-732 (Requires)

Common Consequences

Scope

Confidentiality

Integrity

Impact

Read Application Data, Modify Application Data

CVE-2002-0760

Archive extractor decompresses files with world-readable permissions, then later sets permissions to what the archive specified.

CVE-2005-2174

Product inserts a new object into database before setting the object's permissions, introducing a race condition.

CVE-2006-5214

Error file has weak permissions before a chmod is performed.

CVE-2005-2475

Archive permissions issue using hard link.

CVE-2003-0265

Database product creates files world-writable before initializing the setuid bits, leading to modification of executables.

Applicable Platforms

Perl

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CWE-689

Permission Race Condition During Resource Copy

Description

Relationships

Common Consequences

Related CVEs

Applicable Platforms