Improper Preservation of Permissions
Draft Base
Structure: Simple
Description
The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
Common Consequences 1
Scope: ConfidentialityIntegrity
Impact: Read Application DataModify Application Data
Observed Examples 4
CVE-2002-2323Incorrect ACLs used when restoring backups from directories that use symbolic links.
CVE-2001-1515Automatic modification of permissions inherited from another file system.
CVE-2005-1920Permissions on backup file are created with defaults, possibly less secure than original file.
CVE-2001-0195File is made world-readable when being cloned.
Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Modes of Introduction
Implementation
Operation
Related Weaknesses
Taxonomy Mapping
- PLOVER