VYPR

CWE-59

Improper Link Resolution Before File Access ('Link Following')

BaseDraftLikelihood: Medium

Description

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-132 · CAPEC-17 · CAPEC-35 · CAPEC-76

CVEs mapped to this weakness (818)

page 37 of 41
  • CVE-2008-4936Nov 5, 2008
    risk 0.00cvss epss 0.00

    faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/faxsp.##### temporary file.

  • CVE-2008-4935Nov 5, 2008
    risk 0.00cvss epss 0.00

    asciiview in aview 1.3.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/aview#####.pgm temporary file.

  • CVE-2008-4908Nov 4, 2008
    risk 0.00cvss epss 0.00

    maps/Info/combine.pl in CrossFire crossfire-maps 1.11.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

  • CVE-2008-4639Oct 21, 2008
    risk 0.00cvss epss 0.00

    jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

  • CVE-2008-4580Oct 15, 2008
    risk 0.00cvss epss 0.00

    fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows local users to modify arbitrary files via a symlink attack on the fence_manual.fifo temporary file.

  • CVE-2008-4579Oct 15, 2008
    risk 0.00cvss epss 0.00

    The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file.

  • CVE-2008-4553Oct 15, 2008
    risk 0.00cvss epss 0.00

    qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories.

  • CVE-2008-4477Oct 8, 2008
    risk 0.00cvss epss 0.00

    alert.d/test.alert in mon 0.99.2 allows local users to overwrite arbitrary files via a symlink attack on the test.alert.log temporary file.

  • CVE-2008-4476Oct 7, 2008
    risk 0.00cvss epss 0.00

    sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sympa_aliases.$$ temporary file. NOTE: wwsympa.fcgi was also reported, but the issue occurred in a dead function, so it is not a vulnerability.

  • CVE-2008-4475Oct 7, 2008
    risk 0.00cvss epss 0.00

    ibackup 2.27 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

  • CVE-2008-4474Oct 7, 2008
    risk 0.00cvss epss 0.00

    freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct.

  • CVE-2008-4440Oct 3, 2008
    risk 0.00cvss epss 0.00

    The to-upgrade plugin in feta 1.4.16 allows local users to overwrite arbitrary files via a symlink on the (1) /tmp/feta.install.$USER and (2) /tmp/feta.avail.$USER temporary files.

  • CVE-2008-4406Oct 3, 2008
    risk 0.00cvss epss 0.00

    A certain Debian patch to the run scripts for sabre (aka xsabre) 0.2.4b allows local users to delete or overwrite arbitrary files via a symlink attack on unspecified .tmp files.

  • CVE-2008-3521Oct 2, 2008
    risk 0.00cvss epss 0.00

    Race condition in the jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to cause a denial of service (program exit) by creating the appropriate tmp.XXXXXXXXXX temporary file, which causes Jasper to exit. NOTE: this was originally…

  • CVE-2008-3524Sep 29, 2008
    risk 0.00cvss epss 0.00

    rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux platforms allows local users to delete arbitrary files via a symlink attack on a file or directory under (1) /var/lock or (2) /var/run.

  • CVE-2008-4191Sep 24, 2008
    risk 0.00cvss epss 0.00

    extract-table.pl in Emacspeak 26 and 28 allows local users to overwrite arbitrary files via a symlink attack on the extract-table.csv temporary file.

  • CVE-2008-4162Sep 22, 2008
    risk 0.00cvss epss 0.01

    Open redirect vulnerability in admin/auth.php in NooMS 1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the g_site_url parameter.

  • CVE-2008-4108Sep 18, 2008
    risk 0.00cvss epss 0.00

    Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in…

  • CVE-2008-4104Sep 18, 2008
    risk 0.00cvss epss 0.01

    Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.

  • CVE-2008-4098Sep 18, 2008
    risk 0.00cvss epss 0.02

    MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables…