Executar análise estática (SAST) na base de código à procura do padrão inseguro no fluxo de dados.
CWE-271 Classe Incompleto
Privilege Dropping / Lowering Errors
This vulnerability occurs when a system or process fails to reduce its elevated permissions before transferring control of a resource to a less-privileged user or component.
Definição
What is CWE-271?
This vulnerability occurs when a system or process fails to reduce its elevated permissions before transferring control of a resource to a less-privileged user or component.
In secure software design, a common practice is for a high-privilege process to perform a sensitive operation and then immediately lower its permissions before interacting with lower-privileged entities. This flaw breaks that chain of trust. When a system hands off a file, process, or network connection without first dropping these elevated rights, it effectively grants those high-level permissions to the receiving party, which may not be authorized to have them.
This creates a dangerous privilege escalation path. By failing to contain permissions within their intended scope, the flaw allows excessive access to spread throughout the application environment. An attacker who gains control of the lower-privileged component can then inherit and abuse these unintended permissions, potentially taking full control of the system or accessing restricted data.
Impacto no mundo real
Real-world CVEs caused by CWE-271
-
Program does not drop privileges after acquiring the raw socket.
-
Setuid program does not drop privileges after a parsing error occurs, then calls another program to handle the error.
-
Does not drop privileges in related groups when lowering privileges.
-
Does not drop privileges in related groups when lowering privileges.
-
Does not drop privileges before determining access to certain files.
-
Finger daemon does not drop privileges when executing programs on behalf of the user being fingered.
-
FTP server does not drop privileges if a connection is aborted during file transfer.
-
Program only uses seteuid to drop privileges.
Como os atacantes a exploram
Trajeto do atacante passo a passo
- 1
Identificar um caminho de código que trata input não confiável sem validação.
- 2
Criar um payload que explora o comportamento inseguro — injeção, traversal, overflow ou abuso de lógica.
- 3
Entregar o payload através de um pedido normal e observar a reação da aplicação.
- 4
Iterar até que a resposta exponha dados, execute código do atacante ou escale privilégios.
Exemplo de código vulnerável
Vulnerable C
The following code calls chroot() to restrict the application to a subset of the filesystem below APP_HOME in order to prevent an attacker from using the program to gain unauthorized access to files located elsewhere. The code then opens a file specified by the user and processes the contents of the file.
chroot(APP_HOME);
chdir("/");
FILE* data = fopen(argv[1], "r+");
... Exemplo de código seguro
Secure pseudo
// Validate, sanitize, or use a safe API before reaching the sink.
function handleRequest(input) {
const safe = validateAndEscape(input);
return executeWithGuards(safe);
} What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Lista de verificação de prevenção
How to prevent CWE-271
- Architecture and Design Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
- Architecture and Design / Operation Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
- Architecture and Design Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
Sinais de deteção
How to detect CWE-271
Executar testes dinâmicos de segurança de aplicações (DAST) contra o endpoint em execução.
Monitorizar os registos em tempo de execução para traços de exceção invulgares, input malformado ou tentativas de contornar a autorização.
Revisão de código: sinalizar qualquer novo código que trate input desta superfície sem usar os ajudantes validados do framework.
O Plexicus deteta automaticamente o CWE-271 e abre um PR de correção em menos de 60 segundos.
O Codex Remedium analisa cada commit, identifica esta fraqueza exata e entrega um pull request pronto para revisão com o patch. Sem tickets. Sem transferências.
Perguntas frequentes O que é o CWE-271?
Qual a gravidade do CWE-271?
Que linguagens ou plataformas são afetadas pelo CWE-271?
Como posso prevenir o CWE-271?
Como é que o Plexicus deteta e corrige o CWE-271?
Onde posso saber mais sobre o CWE-271?
Frequently asked questions
O que é o CWE-271?
This vulnerability occurs when a system or process fails to reduce its elevated permissions before transferring control of a resource to a less-privileged user or component.
Qual a gravidade do CWE-271?
A MITRE classifica a probabilidade de exploração como Alta — esta fraqueza é ativamente explorada em campo e deve ser priorizada para remediação.
Que linguagens ou plataformas são afetadas pelo CWE-271?
A MITRE não especificou as plataformas afetadas por este CWE — pode aplicar-se à maioria das stacks de aplicações.
Como posso prevenir o CWE-271?
Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to…
Como é que o Plexicus deteta e corrige o CWE-271?
O motor SAST do Plexicus correlaciona a assinatura de fluxo de dados do CWE-271 em cada commit. Quando é encontrada uma correspondência, o nosso agente Codex Remedium abre um PR de correção com o código corrigido, testes e um resumo de uma linha para o revisor.
Onde posso saber mais sobre o CWE-271?
A MITRE publica a definição canónica em https://cwe.mitre.org/data/definitions/271.html. Pode também consultar a documentação da OWASP e do NIST para orientações adjacentes.
Fraquezas relacionadas
Weaknesses related to CWE-271
CWE-269 Pai
Improper Privilege Management
This vulnerability occurs when an application fails to correctly manage user permissions, allowing someone to perform actions or access…
CWE-250 Irmão
Execution with Unnecessary Privileges
This vulnerability occurs when software runs with higher permissions than it actually needs to perform its tasks. This excessive privilege…
CWE-266 Irmão
Incorrect Privilege Assignment
This vulnerability occurs when a system mistakenly grants a user, process, or entity a specific permission or privilege they should not…
CWE-267 Irmão
Privilege Defined With Unsafe Actions
This vulnerability occurs when a system grants a user, role, or process a specific permission that can be misused to perform dangerous,…
CWE-268 Irmão
Privilege Chaining
Privilege chaining occurs when an attacker combines two separate permissions or capabilities, neither of which is dangerous on its own, to…
CWE-270 Irmão
Privilege Context Switching Error
This vulnerability occurs when an application fails to properly manage user permissions while moving between different security contexts,…
CWE-274 Irmão
Improper Handling of Insufficient Privileges
This vulnerability occurs when an application fails to properly manage situations where it lacks the necessary permissions to execute an…
CWE-648 Irmão
Incorrect Use of Privileged APIs
This vulnerability occurs when software incorrectly uses functions that require special permissions. Attackers can exploit these mistakes…
CWE-272 Filho
Least Privilege Violation
This vulnerability occurs when software fails to reduce its elevated system privileges after completing a sensitive operation, leaving it…
Pronto quando você estiver
Pare de pagar por desenvolvedor.
Comece a fechar o ciclo.
O Plexicus é o ASPM nativo de IA que verifica, filtra, corrige, pentesta e explica — de forma autónoma. Programadores ilimitados, repos ilimitados, ações de IA de utilização justa. Nível gratuito real, €269/mo anual quando estiver pronto.