logo

Symbolic Name not Mapping to Correct Object

Draft Base
Structure: Simple
Description

A constant symbolic reference to an object is used, even though the reference can resolve to a different object over time.

Common Consequences 5
Scope: Access Control

Impact: Gain Privileges or Assume Identity

The attacker can gain access to otherwise unauthorized resources.

Scope: IntegrityConfidentialityOther

Impact: Modify Application DataModify Files or DirectoriesRead Application DataRead Files or DirectoriesOther

Race conditions such as this kind may be employed to gain read or write access to resources not normally readable or writable by the user in question.

Scope: IntegrityOther

Impact: Modify Application DataOther

The resource in question, or other resources (through the corrupted one) may be changed in undesirable ways by a malicious user.

Scope: Non-Repudiation

Impact: Hide Activities

If a file or other resource is written in this method, as opposed to a valid way, logging of the activity may not occur.

Scope: Non-RepudiationIntegrity

Impact: Modify Files or Directories

In some cases it may be possible to delete files that a malicious user might not otherwise have access to -- such as log files.
References 1
The CLASP Application Security Process
Secure Software, Inc.
2005
https://cwe.mitre.org/documents/sources/TheCLASPApplicationSecurityProcess.pdf(2024-11-17)
ID: REF-18
Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Modes of Introduction
Architecture and Design
Implementation
Related Weaknesses
ChildOf: Use of Incorrectly-Resolved Name or Reference (CWE-706)
PeerOf: Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
PeerOf: Externally Controlled Reference to a Resource in Another Sphere (CWE-610)
PeerOf: Comparison of Classes by Name (CWE-486)
Taxonomy Mapping
  • CLASP