CWE-59: Improper Link Resolution Before File Access ('Link Following')

Base Draft Simple

CWE version: 4.18

Last updated: 2025-09-09

Weakness Description

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Common Consequences

Scope: Confidentiality, Integrity, Access Control

Technical impact: Read Files or Directories; Modify Files or Directories; Bypass Protection Mechanism

Note: An attacker may be able to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. If the files are used for a security mechanism then an attacker may be able to bypass the mechanism.

Scope: Other

Technical impact: Execute Unauthorized Code or Commands

Note: Windows simple shortcuts, sometimes referred to as soft links, can be exploited remotely since a ".LNK" file can be uploaded like a normal file. This can enable remote execution.

Potential Mitigations

Phase: Architecture and Design

Strategy: Separation of Privilege

Detection Methods

Method: Automated Static Analysis - Binary or Bytecode

Effectiveness: SOAR Partial

Method: Manual Static Analysis - Binary or Bytecode

Effectiveness: SOAR Partial

Method: Dynamic Analysis with Automated Results Interpretation

Effectiveness: SOAR Partial

Method: Dynamic Analysis with Manual Results Interpretation

Effectiveness: SOAR Partial

Method: Manual Static Analysis - Source Code

Effectiveness: High

Method: Automated Static Analysis - Source Code

Effectiveness: SOAR Partial

Method: Architecture or Design Review

Effectiveness: High

Observed Examples

Reference: CVE-1999-1386

Some versions of Perl follow symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack.

Reference: CVE-2000-1178

Text editor follows symbolic links when creating a rescue copy during an abnormal exit, which allows local users to overwrite the files of other users.

Reference: CVE-2004-0217

Antivirus update allows local users to create or append to arbitrary files via a symlink attack on a logfile.

Reference: CVE-2003-0517

Symlink attack allows local users to overwrite files.

Reference: CVE-2004-0689

Window manager does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.

Reference: CVE-2005-1879

Second-order symlink vulnerabilities

Reference: CVE-2005-1880

Second-order symlink vulnerabilities

Reference: CVE-2005-1916

Symlink in Python program

Reference: CVE-2000-0972

Setuid product allows file reading by replacing a file being edited with a symlink to the targeted file, leaking the result in error messages when parsing fails.

Reference: CVE-2005-0824

Signal causes a dump that follows symlinks.

Reference: CVE-2001-1494

Hard link attack, file overwrite; interesting because program checks against soft links

Reference: CVE-2002-0793

Hard link and possibly symbolic link following vulnerabilities in embedded operating system allow local users to overwrite arbitrary files.

Reference: CVE-2003-0578

Server creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files.

Reference: CVE-1999-0783

Operating system allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.

Reference: CVE-2004-1603

Web hosting manager follows hard links, which allows local users to read or modify arbitrary files.

Reference: CVE-2004-1901

Package listing system allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.

Reference: CVE-2005-1111

Hard link race condition

Reference: CVE-2000-0342

Mail client allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment."

Reference: CVE-2001-1042

FTP server allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.

Reference: CVE-2001-1043

FTP server allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.

Reference: CVE-2005-0587

Browser allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.

Reference: CVE-2001-1386

".LNK." - .LNK with trailing dot

Reference: CVE-2003-1233

Rootkits can bypass file access restrictions to Windows kernel directories using NtCreateSymbolicLinkObject function to create symbolic link

Reference: CVE-2002-0725

File system allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.

Reference: CVE-2003-0844

Web server plugin allows local users to overwrite arbitrary files via a symlink attack on predictable temporary filenames.

Reference: CVE-2015-3629

A Libcontainer used in Docker Engine allows local users to escape containerization and write to an arbitrary file on the host system via a symlink attack in an image when respawning a container.

Reference: CVE-2021-21272

"Zip Slip" vulnerability in Go-based Open Container Initiative (OCI) registries product allows writing arbitrary files outside intended directory via symbolic links or hard links in a gzipped tarball.

Reference: CVE-2020-27833

"Zip Slip" vulnerability in container management product allows writing arbitrary files outside intended directory via a container image (.tar format) with filenames that are symbolic links that point to other files within the same tar file; however, the files being pointed to can also be symbolic links to destinations outside the intended directory, bypassing the initial check.

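The chained-link bypass described for CVE-2020-27833 can be caught before extraction by resolving every member name through the links the archive itself defines, instead of normalising the string or checking one link level. The following is an added example, not part of the CWE entry or of any affected product; `resolve`, `unsafe_members`, `sample_archive` and the 40-hop cap are assumptions, and absolute link targets are rejected outright.

```python
import io
import tarfile

def resolve(path, links, follow_last=True, max_hops=40):
    """Resolve path under the root via the archive's own symlinks; None = escape."""
    if path.startswith("/"):
        return None
    todo = [c for c in path.split("/") if c not in ("", ".")]
    done, hops = [], 0
    while todo:
        part = todo.pop(0)
        if part == "..":
            if not done:
                return None  # climbed above the extraction root
            done.pop()
            continue
        done.append(part)
        target = links.get("/".join(done)) if (todo or follow_last) else None
        if target is not None:
            hops += 1
            if hops > max_hops or target.startswith("/"):
                return None  # link loop (assumed cap) or absolute target
            done.pop()  # a relative target starts in the link's directory
            todo = [c for c in target.split("/") if c not in ("", ".")] + todo
    return "/".join(done)

def unsafe_members(tar_bytes):
    """Names of members that would land, or point, outside the root."""
    links, bad = {}, []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tf:
        for m in tf:
            dest = resolve(m.name, links, follow_last=not m.issym())
            if dest is not None and m.issym():
                links[dest] = m.linkname  # remember it for later members
            # hard-link sources are root-relative; other names are re-resolved
            final = resolve(m.linkname if m.islnk() else m.name, links)
            if dest is None or final is None:
                bad.append(m.name)
    return bad

def sample_archive():  # constructed input, not taken from a real image
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, link in [("x/up", ".."), ("x/up/../evil.txt", None),
                           ("a", "b"), ("b", "../outside"), ("a/pwn", None)]:
            ti = tarfile.TarInfo(name)
            ti.type, ti.linkname = (tarfile.SYMTYPE, link) if link else (tarfile.REGTYPE, "")
            tf.addfile(ti)
    return buf.getvalue()
```

In the constructed archive, `x/up/../evil.txt` normalises lexically to `x/evil.txt`, and `a` points only at `b`, so a string-only or single-level check accepts both; resolving through the recorded links flags the file, the link `b`, and the write through `a`.
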
Modes of Introduction

Phase: Implementation

Note: REALIZATION: This weakness is caused during implementation of an architectural security tactic.

Applicable Platforms

Languages: Not Language-Specific (Undetermined)

Operating systems: Windows (Sometimes), Unix (Often)

Taxonomy Mappings

| Taxonomy name | Entry ID | Entry name | Mapping fit |
|---|---|---|---|
| PLOVER | - | Link Following | - |
| CERT C Secure Coding | FIO02-C | Canonicalize path names originating from untrusted sources | - |
| CERT C Secure Coding | POS01-C | Check for the existence of links when dealing with files | - |
| SEI CERT Perl Coding Standard | FIO01-PL | Do not operate on files that can be modified by untrusted users | CWE More Specific |
| Software Fault Patterns | SFP18 | Link in resource name resolution | - |

Key Information

CWE ID: CWE-59

Abstraction: Base

Structure: Simple

Status: Draft

Likelihood of exploit: Medium

Related Weaknesses

Related Attack Patterns

CAPEC-132, CAPEC-17, CAPEC-35, CAPEC-76