VYPR

CWE-59

Improper Link Resolution Before File Access ('Link Following')

BaseDraftLikelihood: Medium

Description

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76

CVEs mapped to this weakness (818)

page 33 of 41
  • CVE-2008-5157Nov 18, 2008
    risk 0.00cvss epss 0.00

    tau 2.16.4 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/makefile.tau.*.##### or (2) /tmp/makefile.tau*.##### temporary file, related to the (a) tau_cxx, (b) tau_f90, and (c) tau_cc scripts.

  • CVE-2008-5156Nov 18, 2008
    risk 0.00cvss epss 0.00

    si_mkbootserver in systemimager-server 3.6.3 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/*.inetd.conf or (2) /tmp/pxe.conf.*.tmp temporary file.

  • CVE-2008-5155Nov 18, 2008
    risk 0.00cvss epss 0.01

    mail2sms.sh in smsclient 2.0.8z allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/header.##### or (2) /tmp/body.##### temporary file, or append data to arbitrary files via a symlink attack on the (3) /tmp/sms.log temporary file.

  • CVE-2008-5154Nov 18, 2008
    risk 0.00cvss epss 0.00

    bluetooth.rc in p3nfs 5.19 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/blue.log temporary file.

  • CVE-2008-5153Nov 18, 2008
    risk 0.00cvss epss 0.00

    spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/spell-check-debug.log, (2) /tmp/spell-check-before, or (3) /tmp/spell-check-after temporary file.

  • CVE-2008-5152Nov 18, 2008
    risk 0.00cvss epss 0.00

    inmail-show in mh-book 200605 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/inmail#####.log or (2) /tmp/inmail#####.stdin temporary file.

  • CVE-2008-5151Nov 18, 2008
    risk 0.00cvss epss 0.00

    test_parser.py in mayavi 1.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/err.log temporary file.

  • CVE-2008-5150Nov 18, 2008
    risk 0.00cvss epss 0.00

    sample.sh in maildirsync 1.1 allows local users to append data to arbitrary files via a symlink attack on a /tmp/maildirsync-*.#####.log temporary file.

  • CVE-2008-5149Nov 18, 2008
    risk 0.00cvss epss 0.00

    fwd_check.sh in libncbi6 6.1.20080302 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/##### temporary file.

  • CVE-2008-5148Nov 18, 2008
    risk 0.00cvss epss 0.00

    sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/##### temporary file.

  • CVE-2008-5147Nov 18, 2008
    risk 0.00cvss epss 0.00

    test-pipe-to-pyodconverter.org.sh in docvert 2.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/outer.odt temporary file.

  • CVE-2008-5146Nov 18, 2008
    risk 0.00cvss epss 0.00

    add-accession-numbers in ctn 3.0.6 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/accession temporary file.

  • CVE-2008-5145Nov 18, 2008
    risk 0.00cvss epss 0.00

    ltpmenu in ltp 20060918 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/runltp.mainmenu.##### temporary file.

  • CVE-2008-5144Nov 18, 2008
    risk 0.00cvss epss 0.00

    nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvidia-cg-toolkit-manifest temporary file.

  • CVE-2008-5143Nov 18, 2008
    risk 0.00cvss epss 0.00

    mgt-helper in multi-gnome-terminal 1.6.2 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/*.debug or (2) /tmp/*.env temporary file.

  • CVE-2008-5142Nov 18, 2008
    risk 0.00cvss epss 0.00

    sendbug in freebsd-sendpr 3.113+5.3 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on a /tmp/pr.##### temporary file.

  • CVE-2008-5141Nov 18, 2008
    risk 0.00cvss epss 0.00

    flamethrower in flamethrower 0.1.8 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/multicast.tar.##### temporary file.

  • CVE-2008-5140Nov 18, 2008
    risk 0.00cvss epss 0.00

    trend-autoupdate.new in mailscanner 4.55.10 and other versions before 4.74.16-1 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/opr.ini.##### or (2) /tmp/lpt*.zip temporary file.

  • CVE-2008-5139Nov 18, 2008
    risk 0.00cvss epss 0.00

    updatejail in jailer 0.4 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/#####.updatejail temporary file.

  • CVE-2008-5138Nov 18, 2008
    risk 0.00cvss epss 0.00

    passwdehd in libpam-mount 0.43 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/passwdehd.##### temporary file.