CWE-59
Improper Link Resolution Before File Access ('Link Following')
BaseDraftLikelihood: Medium
Description
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76
CVEs mapped to this weakness (624)
page 19 of 32| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2011-0461 | 0.00 | — | 0.00 | Apr 4, 2011 | /etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 in SUSE openSUSE 11.2, and before 11.3-8.7.1 in openSUSE 11.3, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/mtab. | ||
| CVE-2011-0727 | 0.00 | — | 0.00 | Mar 31, 2011 | GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/. | ||
| CVE-2011-0441 | 0.00 | — | 0.00 | Mar 29, 2011 | The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/. | ||
| CVE-2011-1073 | 0.00 | — | 0.00 | Mar 4, 2011 | crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks on /tmp/crontab.XXXXXXXXXX temporary files. | ||
| CVE-2011-1144 | 0.00 | — | 0.00 | Mar 3, 2011 | The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072. | ||
| CVE-2011-1072 | 0.00 | — | 0.00 | Mar 3, 2011 | The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519. | ||
| CVE-2011-1004 | 0.00 | — | 0.00 | Mar 2, 2011 | The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack. | ||
| CVE-2011-1031 | 0.00 | — | 0.00 | Feb 14, 2011 | The feh_unique_filename function in utils.c in feh 1.11.2 and earlier might allow local users to create arbitrary files via a symlink attack on a /tmp/feh_ temporary file, a different vulnerability than CVE-2011-0702. | ||
| CVE-2011-0702 | 0.00 | — | 0.00 | Feb 14, 2011 | The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_ temporary file. | ||
| CVE-2011-0754 | 0.00 | — | 0.00 | Feb 2, 2011 | The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check. | ||
| CVE-2011-0017 | 0.00 | — | 0.00 | Feb 2, 2011 | The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack. | ||
| CVE-2010-4338 | 0.00 | — | 0.00 | Jan 20, 2011 | ocrodjvu 0.4.6-1 on Debian GNU/Linux allows local users to modify arbitrary files via a symlink attack on temporary files that are generated when Cuneiform is invoked as the OCR engine. | ||
| CVE-2010-4337 | 0.00 | — | 0.00 | Jan 14, 2011 | The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files. | ||
| CVE-2011-0402 | 0.00 | — | 0.01 | Jan 11, 2011 | dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory. | ||
| CVE-2011-0007 | 0.00 | — | 0.00 | Jan 11, 2011 | pimd 2.1.5 and possibly earlier versions allows user-assisted local users to overwrite arbitrary files via a symlink attack on (1) pimd.dump when a USR1 signal is sent, or (2) pimd.cache when USR2 is sent. | ||
| CVE-2010-4173 | 0.00 | — | 0.00 | Nov 22, 2010 | The default configuration of libsdp.conf in libsdp 1.1.104 and earlier creates log files in /tmp, which allows local users to overwrite arbitrary files via a (1) symlink or (2) hard link attack on the libsdp.log.##### temporary file. | ||
| CVE-2010-1693 | 0.00 | — | 0.00 | Oct 26, 2010 | openibd in OpenFabrics Enterprise Distribution (OFED) 1.5.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ib_set_node_desc.sh temporary file. | ||
| CVE-2009-5007 | 0.00 | — | 0.00 | Oct 14, 2010 | The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files. | ||
| CVE-2010-3691 | 0.00 | — | 0.00 | Oct 7, 2010 | PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file. | ||
| CVE-2010-2794 | 0.00 | — | 0.00 | Aug 30, 2010 | The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to overwrite arbitrary files via a symlink attack on an unspecified log file. |