Description
This test case implements a time of check time of use vulnerability that allows a DOS due to the input file being deleted before opening. The test case takes in a control file and an input file. The input file is checked to see if it is in the current working directory and exists. If both of these conditions are true, the test case opens and reads the control file and opens, reads, and prints the data in the input file. Since there is a delay between checking the validity of the file and opening it, the input file can be deleted before opening causing a DOS: Uncontrolled Exit. The control file is used as a method to delay execution long enough for this vulnerability to occur.
Metadata
- Base program: Tree
- Source Taint: ENVIRONMENT_VARIABLE
- Data Type: SIMPLE
- Data Flow: BASIC
- Control Flow: SEQUENCE
Flaws
Test Suites
IARPA STONESOUP Phase 3 - Test Cases
Documentation
Have any comments on this test case? Please, send us an email.