CWE - CWE-59: Improper Link Resolution Before File Access ('Link Following') (1.4)

Home > CWE List > CWE- Individual Dictionary Definition (1.4)

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents

Community
Related Activities
Discussion List
Research
CWE/SANS Top 25
CWSS

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Declarations
Make a Declaration

Contact Us
Search the Site

CWE-59: Improper Link Resolution Before File Access ('Link Following')

Individual Definition in a New Window

Improper Link Resolution Before File Access ('Link Following')

Status: Draft

Weakness ID: 59 (Weakness Base)

Description

Summary

The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Alternate Terms

insecure temporary file

Some people use the phrase "insecure temporary file" when referring to a link following weakness, but other weaknesses can produce insecure temporary files without any symlink involvement at all.

Time of Introduction

Implementation

Applicable Platforms

Languages

All

Operating Systems

Windows (Sometimes)

UNIX (Often)

Likelihood of Exploit

Low to Medium

Potential Mitigations

Follow the principle of least privilege when assigning access rights to files. Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.

Other Notes

Windows soft links can be exploited remotely since a ".LNK" file can be uploaded like a normal file.

Weakness Ordinalities

Resultant (where the weakness is typically related to the presence of some other weaknesses)

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
ChildOf	Weakness Class	706	Use of Incorrectly-Resolved Name or Reference	Research Concepts (primary)1000
ChildOf	Category	21	Pathname Traversal and Equivalence Errors	Development Concepts (primary)699
ChildOf	Category	632	Weaknesses that Affect Files or Directories	Resource-specific Weaknesses (primary)631
ChildOf	Category	743	CERT C Secure Coding Section 09 - Input Output (FIO)	Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
ChildOf	Category	748	CERT C Secure Coding Section 50 - POSIX (POS)	Weaknesses Addressed by the CERT C Secure Coding Standard734
MemberOf	View	635	Weaknesses Used by NVD	Weaknesses Used by NVD (primary)635
ParentOf	Category	60	UNIX Path Link Problems	Development Concepts (primary)699
ParentOf	Category	63	Windows Path Link Problems	Development Concepts (primary)699
CanFollow	Weakness Base	363	Race Condition Enabling Link Following	Research Concepts1000
ParentOf	Weakness Variant	62	UNIX Hard Link	Research Concepts (primary)1000
ParentOf	Weakness Variant	64	Windows Shortcut Following (.LNK)	Research Concepts (primary)1000
ParentOf	Weakness Variant	65	Windows Hard Link	Research Concepts (primary)1000
CanFollow	Weakness Class	73	External Control of File Name or Path	Research Concepts1000
ParentOf	Compound Element: Composite	61	UNIX Symbolic Link (Symlink) Following	Research Concepts (primary)1000

Relationship Notes

Link following vulnerabilities are Multi-factor Vulnerabilities (MFV). They are the combination of multiple elements: file or directory permissions, filename predictability, race conditions, and in some cases, a design limitation in which there is no mechanism for performing atomic file creation operations.

Some potential factors are race conditions, permissions, and predictability.

Research Gaps

UNIX hard links, and Windows hard/soft links are under-studied and under-reported.

Affected Resources

File/Directory

Functional Areas

File processing, temporary files

Causal Nature

Explicit (an explicit weakness resulting from behavior of the developer)

Taxonomy Mappings

Mapped Taxonomy Name	Node ID	Mapped Node Name
PLOVER		Link Following
CERT C Secure Coding	FIO02-C	Canonicalize path names originating from untrusted sources
CERT C Secure Coding	POS01-C	Check for the existence of links when dealing with files

Related Attack Patterns

CAPEC-ID	(CAPEC Version 1.3)Attack Pattern Name
17	Accessing, Modifying or Executing Executable Files
35	Leverage Executable Code in Nonexecutable Files
76	Manipulating Input to File System Calls

Content History

Submissions

PLOVER. (Externally Mined)

Modifications

Eric Dalci. Cigital. 2008-07-01. (External)

updated Time_of_Introduction

CWE Content Team. MITRE. 2008-09-08. (Internal)

updated Alternate_Terms, Applicable_Platforms, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities

CWE Content Team. MITRE. 2008-11-24. (Internal)

updated Relationships, Taxonomy_Mappings

CWE Content Team. MITRE. 2009-01-12. (Internal)

updated Relationships

CWE Content Team. MITRE. 2009-05-27. (Internal)

updated Description, Name

Previous Entry Names

Link Following (changed 2008-04-11)

Failure to Resolve Links Before File Access (aka 'Link Following') (changed 2009-05-27)

Page Last Updated: May 26, 2009


	CWE is a Software Assurance strategic initiative sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2009, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us