CWE-59
Improper Link Resolution Before File Access ('Link Following')
Description
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76
CVEs mapped to this weakness (818)
page 33 of 41

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-5157 | | | 0.00 | — | 0.00 | | Nov 18, 2008 | tau 2.16.4 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/makefile.tau.*.##### or (2) /tmp/makefile.tau*.##### temporary file, related to the (a) tau_cxx, (b) tau_f90, and (c) tau_cc scripts. |
| CVE-2008-5156 | | | 0.00 | — | 0.00 | | Nov 18, 2008 | si_mkbootserver in systemimager-server 3.6.3 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/*.inetd.conf or (2) /tmp/pxe.conf.*.tmp temporary file. |
| CVE-2008-5155 | | | 0.00 | — | 0.01 | | Nov 18, 2008 | mail2sms.sh in smsclient 2.0.8z allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/header.##### or (2) /tmp/body.##### temporary file, or append data to arbitrary files via a symlink attack on the (3) /tmp/sms.log temporary file. |
| CVE-2008-5154 | | | 0.00 | — | 0.00 | | Nov 18, 2008 | bluetooth.rc in p3nfs 5.19 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/blue.log temporary file. |
| CVE-2008-5153 | | | 0.00 | — | 0.00 | | Nov 18, 2008 | spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/spell-check-debug.log, (2) /tmp/spell-check-before, or (3) /tmp/spell-check-after temporary file. |
| CVE-2008-5152 | | | 0.00 | — | 0.00 | | Nov 18, 2008 | inmail-show in mh-book 200605 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/inmail#####.log or (2) /tmp/inmail#####.stdin temporary file. |
| CVE-2008-5151 | | | 0.00 | — | 0.00 | | Nov 18, 2008 | test_parser.py in mayavi 1.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/err.log temporary file. |
| CVE-2008-5150 | | | 0.00 | — | 0.00 | | Nov 18, 2008 | sample.sh in maildirsync 1.1 allows local users to append data to arbitrary files via a symlink attack on a /tmp/maildirsync-*.#####.log temporary file. |
| CVE-2008-5149 | | | 0.00 | — | 0.00 | | Nov 18, 2008 | fwd_check.sh in libncbi6 6.1.20080302 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/##### temporary file. |
| CVE-2008-5148 | | | 0.00 | — | 0.00 | | Nov 18, 2008 | sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/##### temporary file. |
| CVE-2008-5147 | | | 0.00 | — | 0.00 | | Nov 18, 2008 | test-pipe-to-pyodconverter.org.sh in docvert 2.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/outer.odt temporary file. |
| CVE-2008-5146 | | | 0.00 | — | 0.00 | | Nov 18, 2008 | add-accession-numbers in ctn 3.0.6 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/accession temporary file. |
| CVE-2008-5145 | | | 0.00 | — | 0.00 | | Nov 18, 2008 | ltpmenu in ltp 20060918 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/runltp.mainmenu.##### temporary file. |
| CVE-2008-5144 | | | 0.00 | — | 0.00 | | Nov 18, 2008 | nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvidia-cg-toolkit-manifest temporary file. |
| CVE-2008-5143 | | | 0.00 | — | 0.00 | | Nov 18, 2008 | mgt-helper in multi-gnome-terminal 1.6.2 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/*.debug or (2) /tmp/*.env temporary file. |
| CVE-2008-5142 | | | 0.00 | — | 0.00 | | Nov 18, 2008 | sendbug in freebsd-sendpr 3.113+5.3 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on a /tmp/pr.##### temporary file. |
| CVE-2008-5141 | | | 0.00 | — | 0.00 | | Nov 18, 2008 | flamethrower in flamethrower 0.1.8 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/multicast.tar.##### temporary file. |
| CVE-2008-5140 | | | 0.00 | — | 0.00 | | Nov 18, 2008 | trend-autoupdate.new in mailscanner 4.55.10 and other versions before 4.74.16-1 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/opr.ini.##### or (2) /tmp/lpt*.zip temporary file. |
| CVE-2008-5139 | | | 0.00 | — | 0.00 | | Nov 18, 2008 | updatejail in jailer 0.4 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/#####.updatejail temporary file. |
| CVE-2008-5138 | | | 0.00 | — | 0.00 | | Nov 18, 2008 | passwdehd in libpam-mount 0.43 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/passwdehd.##### temporary file. |