Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 1.4.3
Affects Version/s: 1.4.1
Component/s: Authentication
Labels:
None

Confidence Status:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Link:
None
Goal Name(s):
None

An internal audit has discovered the following security vulnerability, so would you kindly consider addressing this:

SLSL-179-UC-3-14 Insecure LoadLibrary() Call	  

Description:
The application loads a system DLL without specifying its path. As a result, if an attacker is able to plant a DLL with the same name in directory parsed first in the search path, it will be loaded instead.
The following code demonstrates this issue:
int sspi_init(
)
{
	sspi_secur32_dll = LoadLibrary("secur32.dll");
	if (!sspi_secur32_dll) {
		return GetLastError();
	}
...[SNIP]...


Recommendation:
Modify the LoadLibrary() call to specify the full path of the DLL in order to ensure only the intended version is used, rather than a planted malicious binary.

Reference file:

https://github.com/mongodb/mongo-go-driver/blob/c2a43c080082db26ed2d6fb44026ce1d00a983a7/x/mongo/driver/auth/internal/gssapi/sspi_wrapper.c

Assignee:: Divjot Arora (Inactive)
Reporter:: J M
Votes:: 0 Vote for this issue
Watchers:: 2 Start watching this issue

Created:: Sep 28 2020 04:37:19 PM UTC
Updated:: Oct 28 2023 11:38:01 AM UTC
Resolved:: Oct 26 2020 10:23:34 PM UTC

Details

Description

Attachments

Activity

People

Dates