[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96125

 
 

909

 
 

78020

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CWE
view XML

Reachable Assertion

ID: 617Date: (C)2012-05-14   (M)2012-11-08
Type: weaknessStatus: DRAFT
Abstraction Type: Variant





Description

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Extended Description

For example, if a server handles multiple simultaneous connections, and an assert() occurs in one single connection that causes all other connections to be dropped, this is a reachable assertion that leads to a denial of service.

Applicable Platforms
None

Time Of Introduction

  • Implementation

Common Consequences

ScopeTechnical ImpactNotes
Availability
 
DoS: crash / exit / restart
 
An attacker that can trigger an assert statement can crash the application or cause a denial of service.
 

Detection Methods
None

Potential Mitigations

PhaseStrategyDescriptionEffectivenessNotes
Implementation
 
 Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)
 
  
Implementation
 
Input Validation
 
Perform input validation on user data.
 
  

Relationships

Related CWETypeViewChain
CWE-617 ChildOf CWE-887 Category CWE-888  

Demonstrative Examples   (Details)

  1. In the excerpt below, an AssertionError (an unchecked exception) is thrown if the user hasn't entered an email address in an HTML form.

Observed Examples

  1. CVE-2006-6767 : FTP server allows remote attackers to cause a denial of service (daemon abort) via crafted commands which trigger an assertion failure.
  2. CVE-2006-6811 : Chat client allows remote attackers to cause a denial of service (crash) via a long message string when connecting to a server, which causes an assertion failure.
  3. CVE-2006-5779 : Product allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.
  4. CVE-2006-4095 : Product allows remote attackers to cause a denial of service (crash) via certain queries, which cause an assertion failure.
  5. CVE-2006-4574 : Chain: security monitoring product has an off-by-one error that leads to unexpected length values, triggering an assertion.

For more examples, refer to CVE relations in the bottom box.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

TaxynomyIdNameFit
CERT Java Secure Coding MET01-J
 
Never use assertions to validate method arguments
 
 

References:
None

© 2013 SecPod Technologies