Uploaded image for project: 'Go Driver'
  1. Go Driver
  2. GODRIVER-1757

Security Vulnerability: system DLL loaded without path specified

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 1.4.3
    • Affects Version/s: 1.4.1
    • Component/s: Authentication
    • None

      An internal audit has discovered the following security vulnerability, so would you kindly consider addressing this:

      SLSL-179-UC-3-14 Insecure LoadLibrary() Call	  

Description:
The application loads a system DLL without specifying its path. As a result, if an attacker is able to plant a DLL with the same name in directory parsed first in the search path, it will be loaded instead.
The following code demonstrates this issue:
int sspi_init(
)
{
	sspi_secur32_dll = LoadLibrary("secur32.dll");
	if (!sspi_secur32_dll) {
		return GetLastError();
	}
...[SNIP]...


Recommendation:
Modify the LoadLibrary() call to specify the full path of the DLL in order to ensure only the intended version is used, rather than a planted malicious binary.

      Reference file:

      https://github.com/mongodb/mongo-go-driver/blob/c2a43c080082db26ed2d6fb44026ce1d00a983a7/x/mongo/driver/auth/internal/gssapi/sspi_wrapper.c

       

            Assignee:
            divjot.arora@mongodb.com Divjot Arora (Inactive)
            Reporter:
            jmedlock@microsoft.com J M
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: