The product, when opening a file or directory, does not sufficiently handle when the name is associated with a hard link to a target that is outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
Failure for a system to check for hard links can result in vulnerability to different types of attacks. For example, an attacker can escalate their privileges if a file used by a privileged program is replaced with a hard link to a sensitive file (e.g. AUTOEXEC.BAT). When the process opens the file, the attacker can assume the privileges of that process, or prevent the program from accurately processing data.
| Nature | Mapping | Type | ID | Name |
|---|---|---|---|---|
| ChildOf | Allowed | B | 59 | Improper Link Resolution Before File Access ('Link Following') |
| Nature | Mapping | Type | ID | Name |
|---|---|---|---|---|
| MemberOf | Prohibited | C | 743 | CERT C Secure Coding Standard (2008) Chapter 10 - Input Output (FIO) |
| MemberOf | Prohibited | C | 877 | CERT C++ Secure Coding Section 09 - Input Output (FIO) |
| MemberOf | Prohibited | C | 980 | SFP Secondary Cluster: Link in Resource Name Resolution |
| MemberOf | Prohibited | C | 1404 | Comprehensive Categorization: File Handling |
| Nature | Mapping | Type | ID | Name |
|---|---|---|---|---|
| MemberOf | Prohibited | BS | BOSS-280 | Separation of Privilege Strategy |
| MemberOf | Prohibited | BS | BOSS-294 | Not Language-Specific Weaknesses |
| MemberOf | Prohibited | BS | BOSS-296 | Windows(os class) Weaknesses |
| MemberOf | Prohibited | BS | BOSS-319 | Read Files or Directories (impact) |
| MemberOf | Prohibited | BS | BOSS-320 | Modify Files or Directories (impact) |
| Nature | Mapping | Type | ID | Name |
|---|---|---|---|---|
| MemberOf | Prohibited | C | 980 | SFP Secondary Cluster: Link in Resource Name Resolution |
| Scope | Likelihood | Impact | Note |
|---|---|---|---|
| ConfidentialityIntegrity | N/A | Read Files or DirectoriesModify Files or Directories | N/A |
Follow the principle of least privilege when assigning access rights to entities in a software system.
Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
N/A
N/A
| Reference | Description |
|---|---|
| CVE-2002-0725 | File system allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file. |
| CVE-2003-0844 | Web server plugin allows local users to overwrite arbitrary files via a symlink attack on predictable temporary filenames. |
| Ordinality | Description |
|---|
This CWE entry is at the Variant level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
| Taxonomy Name | Entry ID | Fit | Entry Name |
|---|---|---|---|
| PLOVER | N/A | N/A | Windows hard link |
| CERT C Secure Coding | FIO05-C | N/A | Identify files using multiple file attributes |
| Software Fault Patterns | SFP18 | N/A | Link in resource name resolution |
| ID | Name |
|---|