Incorrect Default Permissions

Status: Draft
Abstraction: Base
Structure: Simple
Description

This vulnerability occurs when software installation scripts set overly permissive file or directory access rights by default. Instead of restricting write access to authorized users or processes, the installation allows unintended actors to modify, delete, or corrupt critical application files.

Extended Description

Incorrect default permissions are a common installation-time mistake where files and folders are created with global read/write access (e.g., world-writable). This often happens because the installer runs with elevated privileges but does not properly lock down the resources it deploys. The result is that any user or service on the system, including low-privilege accounts or malware, can alter configuration files, binaries, or libraries, leading to a direct path for privilege escalation, data tampering, or denial of service. To prevent this, developers and DevOps teams must ensure installation scripts explicitly set secure permissions, adhering to the principle of least privilege. Best practices include removing world-writable bits, assigning ownership to specific service accounts, and validating permissions post-deployment. Automated security scanning tools can also detect and flag overly permissive files as part of a continuous integration pipeline.

Common Consequences
Scope: Confidentiality, Integrity

Impact: Read Application Data, Modify Application Data

Detection Methods

Automated Static Analysis - Binary or Bytecode (Effectiveness: SOAR Partial)
According to SOAR [REF-1479], the following detection techniques may be useful:
  Cost effective for partial coverage:
  • Inter-application Flow Analysis

Manual Static Analysis - Binary or Bytecode (Effectiveness: SOAR Partial)
According to SOAR [REF-1479], the following detection techniques may be useful:
  Cost effective for partial coverage:
  • Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies

Dynamic Analysis with Automated Results Interpretation (Effectiveness: SOAR Partial)
According to SOAR [REF-1479], the following detection techniques may be useful:
  Cost effective for partial coverage:
  • Host-based Vulnerability Scanners - Examine configuration for flaws, verifying that audit mechanisms work, ensure host configuration meets certain predefined criteria
  • Web Application Scanner
  • Web Services Scanner
  • Database Scanners

Dynamic Analysis with Manual Results Interpretation (Effectiveness: High)
According to SOAR [REF-1479], the following detection techniques may be useful:
  Highly cost effective:
  • Host Application Interface Scanner
  Cost effective for partial coverage:
  • Fuzz Tester
  • Framework-based Fuzzer
  • Automated Monitored Execution
  • Forced Path Execution

Manual Static Analysis - Source Code (Effectiveness: High)
According to SOAR [REF-1479], the following detection techniques may be useful:
  Highly cost effective:
  • Manual Source Code Review (not inspections)
  Cost effective for partial coverage:
  • Focused Manual Spotcheck - Focused manual analysis of source

Automated Static Analysis - Source Code (Effectiveness: SOAR Partial)
According to SOAR [REF-1479], the following detection techniques may be useful:
  Cost effective for partial coverage:
  • Context-configured Source Code Weakness Analyzer

Automated Static Analysis (Effectiveness: SOAR Partial)
According to SOAR [REF-1479], the following detection techniques may be useful:
  Cost effective for partial coverage:
  • Configuration Checker

Architecture or Design Review (Effectiveness: High)
According to SOAR [REF-1479], the following detection techniques may be useful:
  Highly cost effective:
  • Formal Methods / Correct-By-Construction
  Cost effective for partial coverage:
  • Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)
Potential Mitigations
Phase: Architecture and Design; Operation
The architecture needs to restrict the access and modification attributes for files to only those users who actually require those actions.
Phase: Architecture and Design

Strategy: Separation of Privilege

Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
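A hardening and validation script for the installer practice described in the extended description and the first mitigation above: set explicit least-privilege modes, assign ownership to a service account, and verify the tree after deployment so a CI job can fail on overly permissive files. This is an added example, not code from the CWE entry; the bin/etc/lib/var layout under the install root, the function names and the chosen modes are assumptions.

```shell
#!/bin/sh
# Added example, not part of the CWE entry. Assumed install layout:
#   $APP/bin  executables   $APP/etc  configuration (may hold secrets)
#   $APP/lib  libraries     $APP/var  runtime data the service writes

# Apply explicit least-privilege modes instead of inheriting whatever
# umask the (usually root) installer ran with. OWNER is optional and
# would normally be a dedicated service account.
harden_tree() {
    app="$1"; owner="${2:-}"
    [ -d "$app" ] || return 2
    # Directories: traversable by all, writable only by the owner.
    find "$app" -type d -exec chmod 0755 {} +
    # Regular files: world-readable, never group- or world-writable.
    find "$app" -type f -exec chmod 0644 {} +
    # Executables keep the execute bit, still no write for others.
    [ -d "$app/bin" ] && find "$app/bin" -type f -exec chmod 0755 {} +
    # Configuration: no world access at all, so secrets are not readable.
    [ -d "$app/etc" ] && find "$app/etc" -type f -exec chmod 0640 {} +
    # Runtime data: only the owner (the service) may enter or write it.
    [ -d "$app/var" ] && chmod 0750 "$app/var"
    # Hand the whole tree to the service account when one is given.
    [ -z "$owner" ] || chown -R "$owner" "$app"
    return 0
}

# Post-deployment validation: list every entry that is world-writable
# (the CWE-276 condition) and every configuration file that is still
# world-readable. Returns 1 if any offender exists, so it can gate a
# CI pipeline or a package acceptance test.
audit_tree() {
    app="$1"
    bad=$( { find "$app" ! -type l -perm -o+w
             [ -d "$app/etc" ] && find "$app/etc" -type f -perm -o+r
           } 2>/dev/null | sort -u )
    if [ -n "$bad" ]; then
        printf 'insecure permissions found:\n%s\n' "$bad" >&2
        return 1
    fi
    return 0
}
```

Typical use in an install script is `harden_tree /opt/app appsvc && audit_tree /opt/app`, with the audit call alone repeated from a scheduled job to catch later drift.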
Observed Examples
CVE-2005-1941: Executables installed world-writable.
CVE-2002-1713: Home directories installed world-readable.
CVE-2001-1550: World-writable log files allow information loss; world-readable file has cleartext passwords.
CVE-2002-1711: World-readable directory.
CVE-2002-1844: Windows product uses insecure permissions when installing on Solaris (genesis: port error).
CVE-2001-0497: Insecure permissions for a shared secret key file. Overlaps cryptographic problem.
CVE-1999-0426: Default permissions of a device allow IP spoofing.
References
[REF-62] Mark Dowd, John McDonald, and Justin Schuh. "The Art of Software Security Assessment". Addison Wesley. 2006.
[REF-1479] Gregory Larsen, E. Kenneth Hong Fong, David A. Wheeler, and Rama S. Moorthy. "State-of-the-Art Resources (SOAR) for Software Vulnerability Detection, Test, and Evaluation". July 2014.
Likelihood of Exploit

Medium

Applicable Platforms
Languages:
  • Not Language-Specific (Prevalence: Undetermined)
Technologies:
  • Not Technology-Specific (Prevalence: Undetermined)
  • ICS/OT (Prevalence: Undetermined)
Modes of Introduction
Architecture and Design
Implementation
Installation
Operation
Taxonomy Mapping
  • PLOVER
  • CERT C Secure Coding
  • The CERT Oracle Secure Coding Standard for Java (2011)
  • ISA/IEC 62443
  • ISA/IEC 62443