VYPR

CWE-59

Improper Link Resolution Before File Access ('Link Following')

BaseDraftLikelihood: Medium

Description

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76

CVEs mapped to this weakness (818)

page 27 of 41
  • CVE-2012-5564Feb 14, 2013
    risk 0.00cvss epss 0.00

    android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users to overwrite arbitrary files via a symlink attack on /tmp/adb.log.

  • CVE-2012-6348Jan 4, 2013
    risk 0.00cvss epss 0.00

    Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink…

  • CVE-2012-3329Dec 19, 2012
    risk 0.00cvss epss 0.00

    IBM Advanced Settings Utility (ASU) through 3.62 and 3.70 through 9.21 and Bootable Media Creator (BoMC) through 2.30 and 3.00 through 9.21 on Linux allow local users to overwrite arbitrary files via a symlink attack on a (1) temporary file or (2) log file.

  • CVE-2012-5355Oct 10, 2012
    risk 0.00cvss epss 0.00

    welcome.py in xdiagnose before 2.5.2ubuntu0.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.

  • CVE-2012-4455Oct 10, 2012
    risk 0.00cvss epss 0.00

    openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) LCK..opencryptoki_stdll file in /var/lock/.

  • CVE-2011-4363Oct 7, 2012
    risk 0.00cvss epss 0.00

    ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS.

  • CVE-2012-5303Oct 5, 2012
    risk 0.00cvss epss 0.00

    Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack on a PID file, as demonstrated by a pathname different from the default /var/run/monkey.pid pathname.

  • CVE-2011-5146Aug 31, 2012
    risk 0.00cvss epss 0.00

    Bokken before 1.6 and 1.5-x before 1.5-3 for Debian allows local users to overwrite arbitrary files via a symlink attack on /tmp/graph.dot.

  • CVE-2012-2103Aug 26, 2012
    risk 0.00cvss epss 0.00

    The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

  • CVE-2012-4676Aug 26, 2012
    risk 0.00cvss epss 0.00

    The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability than CVE-2012-3485.

  • CVE-2012-3440Aug 8, 2012
    risk 0.00cvss epss 0.00

    A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file.

  • CVE-2011-4028Jul 3, 2012
    risk 0.00cvss epss 0.00

    The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists.

  • CVE-2012-3345Jun 15, 2012
    risk 0.00cvss epss 0.00

    ioquake3 before r2253 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ioq3.pid temporary file.

  • CVE-2011-2722May 25, 2012
    risk 0.00cvss epss 0.00

    The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file.

  • CVE-2012-2093May 18, 2012
    risk 0.00cvss epss 0.00

    src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function.

  • CVE-2012-0808Mar 19, 2012
    risk 0.00cvss epss 0.00

    as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack.

  • CVE-2012-0054Mar 19, 2012
    risk 0.00cvss epss 0.00

    libs/updater.py in GoLismero 0.6.3, and other versions before Git revision 2b3bb43d6867, as used in backtrack and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on GoLismero-controlled files, as demonstrated using Admin/changes.dat.

  • CVE-2011-4105Feb 17, 2012
    risk 0.00cvss epss 0.00

    LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on ~/.Xauthority.

  • CVE-2011-1384Jan 4, 2012
    risk 0.00cvss epss 0.00

    The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an…

  • CVE-2011-4617Dec 31, 2011
    risk 0.00cvss epss 0.00

    virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/.