CWE-61

CompoundIncomplete

UNIX Symbolic Link (Symlink) Following

The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.

100 linked vulnerabilities

5 related weaknesses

Extended Description

A product that allows UNIX symbolic links (symlink) as part of paths whether in internal code or through user input can allow an attacker to spoof the symbolic link and traverse the file system to unintended locations or access arbitrary files. The symbolic link can permit an attacker to read/write/corrupt a file that they originally did not have permissions to access.

Implementation

Symbolic link attacks often occur when a program creates a tmp directory that stores files/links. Access to the directory should be restricted to the program as to prevent attackers from manipulating the files.

Architecture and Design

Follow the principle of least privilege when assigning access rights to entities in a software system.

Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.

Confidentiality

Integrity

Read Files or Directories

Modify Files or Directories

Automated Static Analysis

Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)

Modes of Introduction

Implementation

Related Weaknesses

CWE-59ChildOf CWE-362Requires CWE-340Requires CWE-386Requires CWE-732Requires

Example CVEs (13)

CVE-1999-1386

Some versions of Perl follow symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack.

CVE-2000-1178

Text editor follows symbolic links when creating a rescue copy during an abnormal exit, which allows local users to overwrite the files of other users.

CVE-2004-0217

Antivirus update allows local users to create or append to arbitrary files via a symlink attack on a logfile.

CVE-2003-0517

Symlink attack allows local users to overwrite files.

CVE-2004-0689

Possible interesting example

External Links

MITRE CWE Database