CWE-59
Improper Link Resolution Before File Access ('Link Following')
Description
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76
CVEs mapped to this weakness (818)
page 12 of 41| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-16611 | Med | 0.36 | 5.5 | 0.00 | Dec 1, 2017 | In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files. | ||
| CVE-2017-8806 | Med | 0.36 | 5.5 | 0.00 | Nov 13, 2017 | The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local… | ||
| CVE-2011-2684 | Med | 0.36 | 5.5 | 0.00 | Oct 23, 2017 | foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, 20110722dfsg-1 as packaged in Debian unstable, and 20090908dfsg-5.1+squeeze0 as packaged in Debian squeeze create temporary files insecurely, which allows local users to write over arbitrary files via a symlink attack… | ||
| CVE-2017-1301 | Med | 0.36 | 5.5 | 0.00 | Oct 5, 2017 | IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various… | ||
| CVE-2015-3211 | Med | 0.36 | 5.5 | 0.00 | Aug 25, 2017 | php-fpm allows local users to write to or create arbitrary files via a symlink attack. | ||
| CVE-2015-3149 | Med | 0.36 | 5.5 | 0.00 | Jul 25, 2017 | The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack. | ||
| CVE-2016-10374 | Med | 0.36 | 5.5 | 0.00 | May 17, 2017 | perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating… | ||
| CVE-2017-7418 | Med | 0.36 | 5.5 | 0.00 | Apr 4, 2017 | ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local… | ||
| CVE-2017-2390 | Med | 0.36 | 5.5 | 0.00 | Apr 2, 2017 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves symlink mishandling in the "libarchive" component. It allows local users to change… | ||
| CVE-2016-7619 | Med | 0.36 | 5.5 | 0.00 | Feb 20, 2017 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "libarchive" component, which allows local users to write to arbitrary files via vectors related to symlinks. | ||
| CVE-2016-4679 | Med | 0.36 | 5.5 | 0.02 | Feb 20, 2017 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libarchive" component, which allows remote attackers to write to arbitrary… | ||
| CVE-2008-4996 | Med | 0.36 | 5.5 | 0.00 | Nov 7, 2008 | init in initramfs-tools 0.92f allows local users to overwrite arbitrary files via a symlink attack on the /tmp/initramfs.debug temporary file. NOTE: the vendor disputes this vulnerability, stating that "init is [used in] a single-user context; there's no possibility that this… | ||
| CVE-2005-1916 | Med | 0.36 | 5.5 | 0.00 | Jul 6, 2005 | linki.py in ekg 2005-06-05 and earlier allows local users to overwrite or create arbitrary files via a symlink attack on temporary files. | ||
| CVE-2005-1879 | Med | 0.36 | 5.5 | 0.00 | Jun 9, 2005 | LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget. | ||
| CVE-2005-1880 | Med | 0.36 | 5.5 | 0.00 | Jun 6, 2005 | everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget. | ||
| CVE-2005-0824 | Med | 0.36 | 5.5 | 0.00 | May 2, 2005 | The internal_dump function in Mathopd before 1.5p5, and 1.6x before 1.6b6 BETA, when Mathopd is running with the -n option, allows local users to overwrite arbitrary files via a symlink attack on dump files that are triggered by a SIGWINCH signal. | ||
| CVE-2004-1901 | Med | 0.36 | 5.5 | 0.00 | Dec 31, 2004 | Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles. | ||
| CVE-2004-1603 | Med | 0.36 | 5.5 | 0.02 | Oct 18, 2004 | cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled. | ||
| CVE-2003-0517 | Med | 0.36 | 5.5 | 0.00 | Aug 18, 2003 | faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwrite files via a symlink attack on JOB files. | ||
| CVE-2002-0725 | Med | 0.36 | 5.5 | 0.01 | Sep 5, 2002 | NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file. |
- risk 0.36cvss 5.5epss 0.00
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.
- risk 0.36cvss 5.5epss 0.00
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local…
- risk 0.36cvss 5.5epss 0.00
foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, 20110722dfsg-1 as packaged in Debian unstable, and 20090908dfsg-5.1+squeeze0 as packaged in Debian squeeze create temporary files insecurely, which allows local users to write over arbitrary files via a symlink attack…
- risk 0.36cvss 5.5epss 0.00
IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various…
- risk 0.36cvss 5.5epss 0.00
php-fpm allows local users to write to or create arbitrary files via a symlink attack.
- risk 0.36cvss 5.5epss 0.00
The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack.
- risk 0.36cvss 5.5epss 0.00
perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating…
- risk 0.36cvss 5.5epss 0.00
ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local…
- risk 0.36cvss 5.5epss 0.00
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves symlink mishandling in the "libarchive" component. It allows local users to change…
- risk 0.36cvss 5.5epss 0.00
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "libarchive" component, which allows local users to write to arbitrary files via vectors related to symlinks.
- risk 0.36cvss 5.5epss 0.02
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libarchive" component, which allows remote attackers to write to arbitrary…
- risk 0.36cvss 5.5epss 0.00
init in initramfs-tools 0.92f allows local users to overwrite arbitrary files via a symlink attack on the /tmp/initramfs.debug temporary file. NOTE: the vendor disputes this vulnerability, stating that "init is [used in] a single-user context; there's no possibility that this…
- risk 0.36cvss 5.5epss 0.00
linki.py in ekg 2005-06-05 and earlier allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
- risk 0.36cvss 5.5epss 0.00
LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.
- risk 0.36cvss 5.5epss 0.00
everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.
- risk 0.36cvss 5.5epss 0.00
The internal_dump function in Mathopd before 1.5p5, and 1.6x before 1.6b6 BETA, when Mathopd is running with the -n option, allows local users to overwrite arbitrary files via a symlink attack on dump files that are triggered by a SIGWINCH signal.
- risk 0.36cvss 5.5epss 0.00
Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.
- risk 0.36cvss 5.5epss 0.02
cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.
- risk 0.36cvss 5.5epss 0.00
faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwrite files via a symlink attack on JOB files.
- risk 0.36cvss 5.5epss 0.01
NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.