
CWE-59 Individual Dictionary Definition (Draft 9)

Failure to Resolve Links Before File Access (aka 'Link Following')
Weakness ID: 59 (Weakness Base)
Status: Draft

Description

Summary

Link following weaknesses involve insufficient protection against links or shortcuts that can resolve to a file other than the one that was intended.

Alternate Terms

Some people use the phrase "insecure temporary file" when referring to a link following weakness, but other weaknesses can produce insecure temporary files without any symlink involvement at all.

Functional Area

File processing, temporary files

Likelihood of Exploit

Low to Medium

Weakness Ordinality

Resultant (Weakness is typically related to the presence of some other weaknesses)

Causal Nature

Explicit (This is an explicit weakness resulting from behavior of the developer)

Affected Resource

File/Directory

Potential Mitigations

Follow the principle of least privilege when assigning access rights to files and directories. An attacker replaces a file with a link by writing to the directory that contains it, so denying write access to that directory prevents the file from being swapped for a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted. Where a file must be created in a directory the attacker can write to, create it atomically and with an unpredictable name, so that there is no window in which a link can be planted at the expected path first.

Context Notes

Link following vulnerabilities are Multi-factor Vulnerabilities (MFV): they arise from a combination of elements such as file or directory permissions, filename predictability, race conditions, and, in some cases, a design limitation in which the platform offers no atomic file creation operation.

This weakness is not OS-specific.

Windows shortcuts (.LNK files) can be exploited remotely, since a .LNK file can be uploaded like any other file.
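The factors listed above (a predictable name, a directory the attacker can write to, and a non-atomic create) are easiest to see side by side. The following is an added example written for this page, not code from the CWE entry or from any product it describes. It assumes a POSIX system (Linux or similar) and constructs everything it touches: a private scratch directory under /tmp stands in for a shared world-writable directory, the file named "sensitive" stands in for a protected target, "app.tmp" is the victim's predictable temporary-file name, and both file contents are made up. The vulnerable open follows a symlink planted at the predictable name and overwrites the target; the hardened open uses the kernel's atomic exclusive-create (O_EXCL) together with O_NOFOLLOW and refuses it.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE                   /* mkdtemp, O_NOFOLLOW, symlink */
#endif
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Constructed sample contents, not taken from any real system. */
#define ORIGINAL_CONTENT "original secret\n"
#define ATTACKER_PAYLOAD "attacker-chosen contents\n"

/* Vulnerable pattern: a predictable name opened with O_CREAT but without
 * O_EXCL or O_NOFOLLOW.  If a symlink already sits at `path`, open()
 * resolves it and the write lands wherever the link points (CWE-59).
 * Returns 0 if the write completed, -1 otherwise. */
static int open_temp_unsafe(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    ssize_t want = (ssize_t)strlen(ATTACKER_PAYLOAD);
    ssize_t n = write(fd, ATTACKER_PAYLOAD, (size_t)want);
    close(fd);
    return n == want ? 0 : -1;
}

/* Hardened pattern: O_CREAT|O_EXCL fails if anything already exists at
 * `path`, a symlink included, whatever it points to; O_NOFOLLOW refuses
 * a symlink as the final component.  The kernel checks both atomically,
 * so there is no check-then-use window.  Returns 0 only if a brand-new
 * file was created; on failure errno is left as open() set it. */
static int open_temp_safe(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    close(fd);
    return 0;
}

/* Read a small file (refusing symlinks) into buf; bytes read or -1. */
static ssize_t slurp(const char *path, char *buf, size_t cap)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    ssize_t n = read(fd, buf, cap - 1);
    close(fd);
    if (n < 0) return -1;
    buf[n] = '\0';
    return n;
}

/* Stage the attack in a private scratch directory standing in for a
 * shared /tmp: a "sensitive" file, plus a symlink planted at the
 * predictable temp-file name and pointing at it.  Then run both opens.
 * Returns a bitmask: bit 0 = unsafe open overwrote the sensitive file,
 * bit 1 = hardened open refused the planted link.  A correct run yields
 * 3; -1 means the scratch setup itself failed. */
int link_following_demo(void)
{
    char dir[] = "/tmp/cwe59.XXXXXX";            /* assumed writable */
    if (!mkdtemp(dir)) return -1;
    char sensitive[PATH_MAX], tmpname[PATH_MAX], got[64];
    snprintf(sensitive, sizeof sensitive, "%s/sensitive", dir);
    snprintf(tmpname, sizeof tmpname, "%s/app.tmp", dir);   /* predictable */

    int result = -1;
    int fd = open(sensitive, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) goto cleanup;
    ssize_t w = write(fd, ORIGINAL_CONTENT, strlen(ORIGINAL_CONTENT));
    close(fd);
    /* The attacker predicts the name and plants the link first. */
    if (w < 0 || symlink(sensitive, tmpname) != 0) goto cleanup;

    result = 0;
    if (open_temp_unsafe(tmpname) == 0 &&
        slurp(sensitive, got, sizeof got) > 0 &&
        strcmp(got, ATTACKER_PAYLOAD) == 0)
        result |= 1;                              /* link was followed */
    if (open_temp_safe(tmpname) == -1 && (errno == EEXIST || errno == ELOOP))
        result |= 2;                              /* hardened open refused */

cleanup:
    unlink(tmpname);
    unlink(sensitive);
    rmdir(dir);
    return result;
}

int main(void)
{
    int r = link_following_demo();
    printf("unsafe open followed the link: %s\n", (r & 1) ? "yes" : "no");
    printf("hardened open refused it:      %s\n", (r & 2) ? "yes" : "no");
    return r == 3 ? 0 : 1;
}
```

Compile with any C compiler and run; exit status 0 means the unsafe variant was redirected through the link and the hardened one was not. When the temporary file does not need a fixed name, mkstemp(3) combines the unpredictable name with the same O_CREAT|O_EXCL open in one call and is the usual choice. Note the limit of the hardened open: O_NOFOLLOW only governs the final path component, so it does not help if an attacker can replace a parent directory with a link, which is why the mitigation above stresses directory permissions and compartmentalization rather than open() flags alone.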

Research Gaps

UNIX hard links and Windows hard and soft links are under-studied and under-reported.

Relationships
Nature      Type            ID    Name
ChildOf     Weakness Class  21    Pathname Traversal and Equivalence Errors
ChildOf     Category        632   Weaknesses that Affect Files or Directories
ChildOf     View            635
ParentOf    Category        60    UNIX Path Link Problems
ParentOf    Category        63    Windows Path Link Problems
CanAlsoBe   Weakness Base   363   Race Condition Enabling Link Following
Source Taxonomies

PLOVER - Link Following

Applicable Platforms

All

Related Attack Patterns
CAPEC-ID   Attack Pattern Name
35         Leverage Executable Code in Nonexecutable Files
17         Accessing, Modifying or Executing Executable Files
76         Manipulating Input to File System Calls
Page Last Updated: April 22, 2008