CWE-59

Exploit likelihood: Medium

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,527 vulnerabilities with CWE-59
CVE-2008-5141
flamethrower 0.1.8 - Local Privilege Escalation
CVE-2008-5140
MailScanner <4.74.16-1 - Local Privilege Escalation
CVE-2008-5139
jailer 0.4 - Arbitrary File Overwrite via Symlink Attack on Temporary File
CVE-2008-5138
libpam-mount 0.43 - Local Privilege Escalation
CVE-2008-5137
tkman <2.2 - Local Privilege Escalation
CVE-2008-5136
tkusr 0.82 - Arbitrary File Overwrite via Symlink Attack on /tmp/tkusr.pgm
CVE-2008-5135
os-prober 1.17 - Arbitrary File Overwrite via Symlink Attack on Temporary Files
CVE-2008-4832
rpath initscripts 8.12-8.21 and 8.56.15-0.1 - Arbitrary File Deletion via Symlink Attack on /var/lock or /var/run
CVE-2008-5034
printfilters-ppd 2.13 - Arbitrary File Overwrite via Symlink Attack on /tmp/filter.debug
CVE-2008-5007
lazarus 0.9.24 - Arbitrary File Overwrite via Symlink Attack on Temporary Files
CVE-2008-4998
TWiki 4.1.2 - Arbitrary File Overwrite via Symlink Attack on Temporary File
CVE-2008-4997
datafreedom-perl 0.1.7 - Arbitrary File Overwrite via Symlink Attack on /tmp/zenity
CVE-2008-4996 (MEDIUM, CVSS 5.5)
initramfs-tools 0.92f - Arbitrary File Overwrite via Symlink Attack on Temporary File
CVE-2008-4995
bk2site 1.1.9 - Arbitrary File Overwrite via Symlink Attack on /tmp/redirect.log
CVE-2008-4994
xmcd 2.6 - Arbitrary File Overwrite via Symlink Attack on Temporary File
CVE-2008-4993
Xen 3.2.1 - Arbitrary File Write via Symlink Attack on /tmp/args
CVE-2008-4988
xcal 4.1 - Arbitrary File Overwrite via Symlink Attack on Temporary File
CVE-2008-4987
xastir 1.9.2 - Arbitrary File Overwrite via Symlink Attack on Temporary Files
CVE-2008-4986
wims 3.62 - Arbitrary File Overwrite via Symlink Attack on Temporary Files
CVE-2008-4985
vdr 1.6.0 - Arbitrary File Overwrite via Symlink Attack on Temporary File
CVE-2008-4984
scratchbox2 1.99.0.24 - Arbitrary File Overwrite via Symlink Attack on Temporary Files
CVE-2008-4983
scilab-bin 4.1.2 - Arbitrary File Overwrite via Symlink Attack on Temporary Files
CVE-2008-4982
rkhunter 1.3.2 - Arbitrary File Overwrite via Symlink Attack on Temporary File
CVE-2008-4981
realtimebattle 1.0.8 - Arbitrary File Overwrite via Symlink Attack on Temporary File
CVE-2008-4980
rccp 0.9 - Arbitrary File Overwrite via Symlink Attack on /tmp/cccp_tmp.txt