Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')

DATE CVE VULNERABILITY TITLE RISK
2016-12-15 CVE-2016-9566 Link Following vulnerability in Nagios
base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file.
local
low complexity
nagios CWE-59
7.8
2016-12-13 CVE-2016-6664 Link Following vulnerability in multiple products
mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.
local
high complexity
oracle mariadb percona CWE-59
7.0
2016-11-29 CVE-2016-1247 Link Following vulnerability in multiple products
The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log.
local
low complexity
f5 fedoraproject CWE-59
7.8
2016-11-10 CVE-2016-7490 Link Following vulnerability in Teradata Studio Express 15.12.00.00
The installation script studioexpressinstall for Teradata Studio Express 15.12.00.00 creates files in /tmp insecurely.
local
low complexity
teradata CWE-59
7.8
2016-06-03 CVE-2016-3096 Link Following vulnerability in multiple products
The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.
local
low complexity
fedoraproject redhat CWE-59
7.8
2016-05-06 CVE-2015-0858 Link Following vulnerability in multiple products
Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory.
local
low complexity
debian tardiff-project CWE-59
3.3
2016-01-11 CVE-2015-6566 Link Following vulnerability in multiple products
zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*.
local
low complexity
zarafa fedoraproject CWE-59
8.4
2016-01-08 CVE-2015-7758 Link Following vulnerability in multiple products
Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux.
local
low complexity
opensuse gummi-project CWE-59
3.3
2015-05-18 CVE-2015-3629 Link Following vulnerability in multiple products
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.
local
low complexity
docker opensuse CWE-59
7.8
2015-04-10 CVE-2015-1130 Link Following vulnerability in Apple mac OS X
The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors.
local
low complexity
apple CWE-59
7.8