|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] PROPOSAL: Cluster 33 - NT-REGISTRY (6 candidates)
These candidates are related to registry keys in Windows NT. Like the candidates in the DATA clutser, they may appear to be at a high level of abstraction. They use the Data Access content decisions. I distinguish between the permissions for the key itself, and the value of the key. In some cases the permissions may be fine, but the value could result in a vulnerability. The specific candidates for HKEY_LOCAL_MACHINE and HKEY_CLASSES_ROOT come from several security tools, which often cite permission problems with these particular high-level keys. I am not an NT expert, but my guess is that application-critical and system-critical registry keys are High Cardinality, and maybe they are Not Enumerable. But if we can enumerate all the system-critical or application-critical keys, then it is perhaps more appropriate to use that level of abstraction, though I suspect it could produce an unmanageably high number of vulnerabilities in the CVE. A middle-ground approach might be to group keys using the Different Functionality content decision, but how would we define "different functionality" in this context? Do we separate by the application and underlying OS function? We could consider the hierarchical structure of the registry keys, and apply the Same Checkbox content decision at the "leaf" level. For example, I imagine that IIS probably has a number of application-critical or even system-critical keys, though all of those keys probably fall under an IIS "parent" key and might effectively appear in the same "checkbox" in the registry editor. Thus IIS might be an appropriate level. Comments? - Steve Summary of votes to use (in ascending order of "severity"): ACCEPT - member accepts the candidate as proposed NOOP - member has no opinion on the candidate MODIFY - member wants to change some minor detail (e.g. reference/description) REVIEWING - member is reviewing/researching the candidate RECAST - candidate must be significantly modified, e.g. split or merged REJECT - candidate is "not a vulnerability", or a duplicate, etc. Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line. ================================= Candidate: CAN-1999-0580 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990803 Assigned: 19990607 Category: CF The HKEY_LOCAL_MACHINE key in a Windows NT system has inappropriate, system-critical permissions. VOTE: ================================= Candidate: CAN-1999-0581 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990803 Assigned: 19990607 Category: CF The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions. VOTE: ================================= Candidate: CAN-1999-0589 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990803 Assigned: 19990607 Category: CF A system-critical Windows NT registry key has inappropriate permissions. VOTE: ================================= Candidate: CAN-1999-0611 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990803 Assigned: 19990607 Category: CF A system-critical Windows NT registry key has an inappropriate value. VOTE: ================================= Candidate: CAN-1999-0664 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990803 Assigned: 19990803 Category: CF An application-critical Windows NT registry key has inappropriate permissions. VOTE: ================================= Candidate: CAN-1999-0665 Published: Final-Decision: Interim-Decision: Modified: Announced: 19990803 Assigned: 19990803 Category: CF An application-critical Windows NT registry key has an inappropriate value. VOTE:
|
||||
