CWE-59
Improper Link Resolution Before File Access ('Link Following')
Base · Draft · Likelihood: Medium
Description
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76
CVEs mapped to this weakness (624)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2008-4965 |  | 0.00 | — | 0.00 |  | Nov 6, 2008 | liguidsoap.py in liguidsoap 0.3.8.1+2 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/liguidsoap.liq, (2) /tmp/lig.#####.log, and (3) /tmp/emission.ogg temporary files. |
| CVE-2008-4964 |  | 0.00 | — | 0.00 |  | Nov 6, 2008 | filters/any-UTF8 in konwert 1.8 allows local users to delete arbitrary files via a symlink attack on a /tmp/any-##### temporary file. |
| CVE-2008-4960 |  | 0.00 | — | 0.00 |  | Nov 5, 2008 | impose in impose+ 0.2 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*-tmp.ps and (2) /tmp/bboxx-* temporary files. |
| CVE-2008-4959 |  | 0.00 | — | 0.00 |  | Nov 5, 2008 | geo-code in gpsdrive-scripts 2.10~pre4 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/geo.google, (2) /tmp/geo.yahoo, (3) /tmp/geo.coords, and (4) /tmp/geo#####.coords temporary files. |
| CVE-2008-4958 |  | 0.00 | — | 0.00 |  | Nov 5, 2008 | gdrae in gdrae 0.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gdrae/palabra temporary file. |
| CVE-2008-4957 |  | 0.00 | — | 0.00 |  | Nov 5, 2008 | find_flags in Kitware GCC-XML (gccxml) 0.9.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.cxx temporary file. |
| CVE-2008-4956 |  | 0.00 | — | 0.00 |  | Nov 5, 2008 | fwb_install in fwbuilder 2.1.19 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/ssh-agent.##### temporary file. |
| CVE-2008-4955 |  | 0.00 | — | 0.00 |  | Nov 5, 2008 | freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*-#####.pid, (2) /tmp/freevo-gdb, (3) /tmp/freevo-gdb.sh, and (4) /tmp/*.stats temporary files. NOTE: this issue is only a vulnerability when a verbose debug mode is activated by modifying source code. |
| CVE-2008-4954 |  | 0.00 | — | 0.00 |  | Nov 5, 2008 | mead.pl in fml 4.0.3 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/debugbuf temporary file. |
| CVE-2008-4953 |  | 0.00 | — | 0.00 |  | Nov 5, 2008 | firehol in firehol 1.256 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/.firehol-tmp-#####-*-* and (2) /tmp/firehol.conf temporary files. NOTE: the vendor disputes this vulnerability, stating that an attack "would require an attacker to create 1073741824*PID-RANGE symlinks." |
| CVE-2008-4952 |  | 0.00 | — | 0.00 |  | Nov 5, 2008 | emacs-jabber in emacs-jabber 0.7.91 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.log temporary file. |
| CVE-2008-4951 |  | 0.00 | — | 0.00 |  | Nov 5, 2008 | dtc 0.29.6 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/awstats.log, (b) /tmp/spam.log.#####, and (c) /tmp/spam_err.log temporary files, related to the (1) accesslog.php and (2) sa-wrapper scripts. |
| CVE-2008-4950 |  | 0.00 | — | 0.00 |  | Nov 5, 2008 | gccross in dpkg-cross 2.3.0 allows local users to overwrite arbitrary files via a symlink attack on the tmp/gccross2.log temporary file. NOTE: the vendor disputes this vulnerability, stating that "There is no sense in this bug - the script ... is called under specific cross-building environments within a chroot." |
| CVE-2008-4949 |  | 0.00 | — | 0.00 |  | Nov 5, 2008 | dist 3.5 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/cil#####, (b) /tmp/pdo#####, and (c) /tmp/pdn##### temporary files, related to the (1) patcil and (2) patdiff scripts. |
| CVE-2008-4948 |  | 0.00 | — | 0.00 |  | Nov 5, 2008 | fest.pl in digitaldj 0.7.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ddj_fest.tmp temporary file. |
| CVE-2008-4947 |  | 0.00 | — | 0.00 |  | Nov 5, 2008 | dhis-dummy-log-engine in dhis-server 5.3 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/dhis-dummy-log-engine.log temporary file. |
| CVE-2008-4946 |  | 0.00 | — | 0.00 |  | Nov 5, 2008 | convirt 0.8.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/set_output temporary file, related to the (1) _template_/provision.sh, (2) Linux_CD_Install/provision.sh, (3) Fedora_PV_Install/provision.sh, (4) CentOS_PV_Install/provision.sh, (5) common/provision.sh, (6) example/provision.sh, and (7) Windows_CD_Install/provision.sh scripts in image_store/. |
| CVE-2008-4945 |  | 0.00 | — | 0.00 |  | Nov 5, 2008 | amlabel-cdrw in cdrw-taper 0.4 might allow local users to overwrite arbitrary files via a symlink attack involving a /tmp/amlabel-cdrw.##### temporary directory. |
| CVE-2008-4944 |  | 0.00 | — | 0.00 |  | Nov 5, 2008 | writtercontrol in cdcontrol 1.90 allows local users to overwrite arbitrary files via a symlink attack on /tmp/v-recorder*-out temporary files. |
| CVE-2008-4943 |  | 0.00 | — | 0.00 |  | Nov 5, 2008 | bulmages-servers 0.11.1 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/error.txt, (b) /tmp/errores.txt, and possibly other temporary files, related to the (1) creabulmafact, (2) creabulmacont, and possibly (3) actualizabulmacont, (4) installbulmages-db, and (5) actualizabulmafact scripts. |