[Forgot Password]
Login  Register Subscribe

23631

 
 

126941

 
 

98250

 
 

909

 
 

79281

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CWE
view XML

Improper Validation of Function Hook Arguments

ID: 622Date: (C)2012-05-14   (M)2012-11-08
Type: weaknessStatus: DRAFT
Abstraction Type: Variant





Description

A product adds hooks to user-accessible API functions, but does not properly validate the arguments. This could lead to resultant vulnerabilities.

Extended Description

Such hooks can be used in defensive software that runs with privileges, such as anti-virus or firewall, which hooks kernel calls. When the arguments are not validated, they could be used to bypass the protection scheme or attack the product itself.

Applicable Platforms
Language Class: All

Time Of Introduction

  • Implementation

Common Consequences

ScopeTechnical ImpactNotes
Integrity
 
Unexpected state
 
 

Detection Methods
None

Potential Mitigations

PhaseStrategyDescriptionEffectivenessNotes
Architecture and Design
 
 Ensure that all arguments are verified, as defined by the API you are protecting.
 
  
Architecture and Design
 
 Drop privileges before invoking such functions, if possible.
 
  

Relationships

Related CWETypeViewChain
CWE-622 ChildOf CWE-896 Category CWE-888  

Demonstrative Examples
None

Observed Examples

  1. CVE-2007-0708 : DoS in firewall using standard Microsoft functions
  2. CVE-2006-7160 : DoS in firewall using standard Microsoft functions
  3. CVE-2007-1376 : function does not verify that its argument is the proper type, leading to arbitrary memory write
  4. CVE-2007-1220 : invalid syscall arguments bypass code execution limits
  5. CVE-2006-4541 : DoS in IDS via NULL argument

For more examples, refer to CVE relations in the bottom box.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings
None

References:
None

© 2013 SecPod Technologies