VYPR

CWE-59

Improper Link Resolution Before File Access ('Link Following')

Base · Draft · Likelihood: Medium

Description

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Related attack patterns (CAPEC)

CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76

CVEs mapped to this weakness (818)

page 12 of 41
  • CVE-2017-16611 · Med · Dec 1, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.

  • CVE-2017-8806 · Med · Nov 13, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local…

  • CVE-2011-2684 · Med · Oct 23, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, 20110722dfsg-1 as packaged in Debian unstable, and 20090908dfsg-5.1+squeeze0 as packaged in Debian squeeze create temporary files insecurely, which allows local users to write over arbitrary files via a symlink attack…

  • CVE-2017-1301 · Med · Oct 5, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various…

  • CVE-2015-3211 · Med · Aug 25, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    php-fpm allows local users to write to or create arbitrary files via a symlink attack.

  • CVE-2015-3149 · Med · Jul 25, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack.

  • CVE-2016-10374 · Med · May 17, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating…

  • CVE-2017-7418 · Med · Apr 4, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local…

  • CVE-2017-2390 · Med · Apr 2, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves symlink mishandling in the "libarchive" component. It allows local users to change…

  • CVE-2016-7619 · Med · Feb 20, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "libarchive" component, which allows local users to write to arbitrary files via vectors related to symlinks.

  • CVE-2016-4679 · Med · Feb 20, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libarchive" component, which allows remote attackers to write to arbitrary…

  • CVE-2008-4996 · Med · Nov 7, 2008
    risk 0.36 · cvss 5.5 · epss 0.00

    init in initramfs-tools 0.92f allows local users to overwrite arbitrary files via a symlink attack on the /tmp/initramfs.debug temporary file. NOTE: the vendor disputes this vulnerability, stating that "init is [used in] a single-user context; there's no possibility that this…

  • CVE-2005-1916 · Med · Jul 6, 2005
    risk 0.36 · cvss 5.5 · epss 0.00

    linki.py in ekg 2005-06-05 and earlier allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.

  • CVE-2005-1879 · Med · Jun 9, 2005
    risk 0.36 · cvss 5.5 · epss 0.00

    LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.

  • CVE-2005-1880 · Med · Jun 6, 2005
    risk 0.36 · cvss 5.5 · epss 0.00

    everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.

  • CVE-2005-0824 · Med · May 2, 2005
    risk 0.36 · cvss 5.5 · epss 0.00

    The internal_dump function in Mathopd before 1.5p5, and 1.6x before 1.6b6 BETA, when Mathopd is running with the -n option, allows local users to overwrite arbitrary files via a symlink attack on dump files that are triggered by a SIGWINCH signal.

  • CVE-2004-1901 · Med · Dec 31, 2004
    risk 0.36 · cvss 5.5 · epss 0.00

    Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.

  • CVE-2004-1603 · Med · Oct 18, 2004
    risk 0.36 · cvss 5.5 · epss 0.02

    cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.

  • CVE-2003-0517 · Med · Aug 18, 2003
    risk 0.36 · cvss 5.5 · epss 0.00

    faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwrite files via a symlink attack on JOB files.

  • CVE-2002-0725 · Med · Sep 5, 2002
    risk 0.36 · cvss 5.5 · epss 0.01

    NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.