1. Home
  2. CWE Database
  3. CWE-59
Base · Medium

CWE-59: Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CWE-59 · Base Level ·28 CVEs ·1 Mitigations

Description

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Potential Impact

Confidentiality, Integrity, Access Control

Read Files or Directories, Modify Files or Directories, Bypass Protection Mechanism

Other

Execute Unauthorized Code or Commands

Mitigations & Prevention

Architecture and Design

Follow the principle of least privilege when assigning access rights to entities in a software system. Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.

Detection Methods

  • Automated Static Analysis - Binary or Bytecode SOAR Partial — According to SOAR [REF-1479], the following detection techniques may be useful:
  • Manual Static Analysis - Binary or Bytecode SOAR Partial — According to SOAR [REF-1479], the following detection techniques may be useful:
  • Dynamic Analysis with Automated Results Interpretation SOAR Partial — According to SOAR [REF-1479], the following detection techniques may be useful:
  • Dynamic Analysis with Manual Results Interpretation SOAR Partial — According to SOAR [REF-1479], the following detection techniques may be useful:
  • Manual Static Analysis - Source Code High — According to SOAR [REF-1479], the following detection techniques may be useful:
  • Automated Static Analysis - Source Code SOAR Partial — According to SOAR [REF-1479], the following detection techniques may be useful:

Real-World CVE Examples

CVE IDDescription
CVE-1999-1386Some versions of Perl follow symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack.
CVE-2000-1178Text editor follows symbolic links when creating a rescue copy during an abnormal exit, which allows local users to overwrite the files of other users.
CVE-2004-0217Antivirus update allows local users to create or append to arbitrary files via a symlink attack on a logfile.
CVE-2003-0517Symlink attack allows local users to overwrite files.
CVE-2004-0689Window manager does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.
CVE-2005-1879Second-order symlink vulnerabilities
CVE-2005-1880Second-order symlink vulnerabilities
CVE-2005-1916Symlink in Python program
CVE-2000-0972Setuid product allows file reading by replacing a file being edited with a symlink to the targeted file, leaking the result in error messages when parsing fails.
CVE-2005-0824Signal causes a dump that follows symlinks.
CVE-2001-1494Hard link attack, file overwrite; interesting because program checks against soft links
CVE-2002-0793Hard link and possibly symbolic link following vulnerabilities in embedded operating system allow local users to overwrite arbitrary files.
CVE-2003-0578Server creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files.
CVE-1999-0783Operating system allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.
CVE-2004-1603Web hosting manager follows hard links, which allows local users to read or modify arbitrary files.

Showing 15 of 28 observed examples.

CWE-706: Use of Incorrectly-Resolved Name or Reference

The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside...

Taxonomy Mappings

  • PLOVER: — Link Following
  • CERT C Secure Coding: FIO02-C — Canonicalize path names originating from untrusted sources
  • CERT C Secure Coding: POS01-C — Check for the existence of links when dealing with files
  • SEI CERT Perl Coding Standard: FIO01-PL — Do not operate on files that can be modified by untrusted users
  • Software Fault Patterns: SFP18 — Link in resource name resolution

Frequently Asked Questions

What is CWE-59?

CWE-59 (Improper Link Resolution Before File Access ('Link Following')) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

How can CWE-59 be exploited?

Attackers can exploit CWE-59 (Improper Link Resolution Before File Access ('Link Following')) to read files or directories, modify files or directories, bypass protection mechanism. This weakness is typically introduced during the Implementation phase of software development.

How do I prevent CWE-59?

Key mitigations include: Follow the principle of least privilege when assigning access rights to entities in a software system. Denying access to a file can prevent an attacker from replacing that file wit

What is the severity of CWE-59?

CWE-59 is classified as a Base-level weakness (Medium abstraction). It has been observed in 28 real-world CVEs.