CWE-59

Improper Link Resolution Before File Access ('Link Following')

BaseDraftLikelihood: Medium

Description

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Hierarchy (View 1000)

Parents

CWE-706

Children

Related attack patterns (CAPEC)

CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76

CVEs mapped to this weakness (624)

page 13 of 32

CVE	CVSS	EPSS	Published	Description
CVE-2015-1331	—	0.00	Aug 12, 2015	lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.
CVE-2015-3436	—	0.00	Jun 9, 2015	provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock.
CVE-2015-4156	—	0.00	Jun 2, 2015	GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file.
CVE-2015-4155	—	0.00	Jun 2, 2015	GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file.
CVE-2015-3627	—	0.00	May 18, 2015	Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.
CVE-2015-0556	—	0.02	Apr 8, 2015	Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive.
CVE-2015-1377	—	0.00	Feb 10, 2015	The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file.
CVE-2014-4480	—	0.02	Jan 30, 2015	Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.
CVE-2015-1196	—	0.01	Jan 21, 2015	GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.
CVE-2015-1194	—	0.00	Jan 21, 2015	pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive.
CVE-2015-1038	—	0.03	Jan 21, 2015	p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive.
CVE-2014-9508	—	0.00	Jan 4, 2015	The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors.
CVE-2014-6407	—	0.06	Dec 12, 2014	Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.
CVE-2014-3627	—	0.02	Dec 5, 2014	The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache.
CVE-2014-8585	—	0.00	Nov 4, 2014	Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php.
CVE-2014-7206	—	0.00	Oct 15, 2014	The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.
CVE-2014-1875	—	0.00	Oct 6, 2014	The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file.
CVE-2014-5459	—	0.00	Sep 27, 2014	The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions.
CVE-2014-4372	—	0.00	Sep 18, 2014	syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file.
CVE-2013-6124	—	0.00	Aug 31, 2014	The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary file via an attack on the sensor-settings file.

CVE-2015-1331Aug 12, 2015
risk 0.00cvss —epss 0.00
lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.
CVE-2015-3436Jun 9, 2015
risk 0.00cvss —epss 0.00
provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock.
CVE-2015-4156Jun 2, 2015
risk 0.00cvss —epss 0.00
GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file.
CVE-2015-4155Jun 2, 2015
risk 0.00cvss —epss 0.00
GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file.
CVE-2015-3627May 18, 2015
risk 0.00cvss —epss 0.00
Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.
CVE-2015-0556Apr 8, 2015
risk 0.00cvss —epss 0.02
Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive.
CVE-2015-1377Feb 10, 2015
risk 0.00cvss —epss 0.00
The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file.
CVE-2014-4480Jan 30, 2015
risk 0.00cvss —epss 0.02
Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.
CVE-2015-1196Jan 21, 2015
risk 0.00cvss —epss 0.01
GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.
CVE-2015-1194Jan 21, 2015
risk 0.00cvss —epss 0.00
pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive.
CVE-2015-1038Jan 21, 2015
risk 0.00cvss —epss 0.03
p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive.
CVE-2014-9508Jan 4, 2015
risk 0.00cvss —epss 0.00
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors.
CVE-2014-6407Dec 12, 2014
risk 0.00cvss —epss 0.06
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.
CVE-2014-3627Dec 5, 2014
risk 0.00cvss —epss 0.02
The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache.
CVE-2014-8585Nov 4, 2014
risk 0.00cvss —epss 0.00
Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php.
CVE-2014-7206Oct 15, 2014
risk 0.00cvss —epss 0.00
The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.
CVE-2014-1875Oct 6, 2014
risk 0.00cvss —epss 0.00
The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file.
CVE-2014-5459Sep 27, 2014
risk 0.00cvss —epss 0.00
The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions.
CVE-2014-4372Sep 18, 2014
risk 0.00cvss —epss 0.00
syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file.
CVE-2013-6124Aug 31, 2014
risk 0.00cvss —epss 0.00
The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary file via an attack on the sensor-settings file.