  1. Go Driver
  2. GODRIVER-1757

Security Vulnerability: system DLL loaded without path specified

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 1.4.1
    • Fix Version/s: 1.4.3
    • Component/s: Authentication
    • Security Level: Public
    • Labels:
      None

      Description

      An internal audit has discovered the following security vulnerability, so would you kindly consider addressing this:

      SLSL-179-UC-3-14 Insecure LoadLibrary() Call	  
       
      Description:
      The application loads a system DLL without specifying its path. As a result, if an attacker is able to plant a DLL with the same name in a directory parsed first in the search path, it will be loaded instead.
      The following code demonstrates this issue:
      int sspi_init(
      )
      {
      	sspi_secur32_dll = LoadLibrary("secur32.dll");
      	if (!sspi_secur32_dll) {
      		return GetLastError();
      	}
      ...[SNIP]...
       
       
      Recommendation:
      Modify the LoadLibrary() call to specify the full path of the DLL in order to ensure only the intended version is used, rather than a planted malicious binary.
      

      Reference file:

      https://github.com/mongodb/mongo-go-driver/blob/c2a43c080082db26ed2d6fb44026ce1d00a983a7/x/mongo/driver/auth/internal/gssapi/sspi_wrapper.c
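
One way to follow the recommendation above, shown as an added example that is not part of the original report and is not the driver's own code. The helper names `build_system_dll_path` and `load_system_dll` are hypothetical; the Windows-only part resolves the system directory with `GetSystemDirectoryA` and passes the absolute path to `LoadLibraryA`, so the DLL search order is never consulted for `secur32.dll`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: join the system directory and a bare DLL file name.
 * Returns 0 on success, -1 if the name is not a bare file name or the
 * result does not fit in out. */
int build_system_dll_path(const char *sysdir, const char *name,
                          char *out, size_t outlen)
{
    size_t dlen;
    const char *sep;
    int n;

    if (!sysdir || !name || !out || !*sysdir || !*name)
        return -1;
    /* A separator or drive colon would let the name point outside sysdir. */
    if (strpbrk(name, "\\/:") != NULL)
        return -1;
    /* The system directory ends with a backslash only when it is a root. */
    dlen = strlen(sysdir);
    sep = (sysdir[dlen - 1] == '\\') ? "" : "\\";
    n = snprintf(out, outlen, "%s%s%s", sysdir, sep, name);
    if (n < 0 || (size_t)n >= outlen)
        return -1; /* formatting error or truncated path: refuse to load */
    return 0;
}

#ifdef _WIN32
#include <windows.h>

/* Hypothetical replacement for LoadLibrary("secur32.dll"). */
HMODULE load_system_dll(const char *name)
{
    char sysdir[MAX_PATH];
    char path[MAX_PATH];
    UINT len = GetSystemDirectoryA(sysdir, (UINT)sizeof(sysdir));

    if (len == 0)
        return NULL; /* last error already set by the API */
    if (len >= sizeof(sysdir)) { /* buffer too small for the directory */
        SetLastError(ERROR_INSUFFICIENT_BUFFER);
        return NULL;
    }
    if (build_system_dll_path(sysdir, name, path, sizeof(path)) != 0) {
        SetLastError(ERROR_BAD_PATHNAME);
        return NULL;
    }
    return LoadLibraryA(path); /* absolute path: no search-order lookup */
}
#endif
```

With this helper, `sspi_init` would call `load_system_dll("secur32.dll")` and keep its existing `GetLastError()` failure path.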

       

            People

            Assignee:
            divjot.arora Divjot Arora
            Reporter:
            jmedlock@microsoft.com J M