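CWE-59
Weakness ID: 59 (Weakness Base)
Status: Draft
Link Following
Summary
Software that accesses a file based on its file name does not properly prevent that file name from identifying a link or shortcut that resolves to an unintended resource.
Alternate Terms
Insecure temporary file
Link following weaknesses are sometimes described as "insecure temporary file" problems. However, other weaknesses can also produce insecure temporary files without any symbolic link being involved.
Time of Introduction
Applicable Platforms
All
OS
Windows
UNIX
Likelihood of Exploit
Low to Medium
Potential Mitigations
Phase: Architecture and Design
Follow the principle of least privilege when assigning access rights to files. Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
Background Details
"Soft link" is a UNIX term that is synonymous with a simple shortcut on Windows-based platforms.
Other Notes
Windows simple shortcuts, sometimes referred to as soft links, can be exploited remotely because a ".LNK" file can be uploaded like a normal file.
Weakness Ordinalities
Ordinality | Description |
---|---|
Resultant | Arises from the presence of other weaknesses |
Relationships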
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Category | 21 | Pathname Traversal and Equivalence Errors | Development Concepts (primary) 699 |
ChildOf | Category | 632 | Weaknesses that Affect Files or Directories | Resource-specific Weaknesses (primary) 631 |
ChildOf | Weakness Class | 706 | Use of Incorrectly-Resolved Name or Reference | Research Concepts (primary) 1000 |
ChildOf | Category | 743 | CERT C Secure Coding Section 09 - Input Output (FIO) | Weaknesses Addressed by the CERT C Secure Coding Standard (primary) 734 |
ChildOf | Category | 748 | CERT C Secure Coding Section 50 - POSIX (POS) | Weaknesses Addressed by the CERT C Secure Coding Standard 734 |
ChildOf | Category | 808 | 2010 Top 25 - Weaknesses On the Cusp | Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors (primary) 800 |
ParentOf | Category | 60 | UNIX Path Link Problems | Development Concepts (primary) 699 |
ParentOf | Compound Element: Composite | 61 | UNIX Symbolic Link (Symlink) Following | Research Concepts (primary) 1000 |
ParentOf | Weakness Variant | 62 | UNIX Hard Link | Research Concepts (primary) 1000 |
ParentOf | Category | 63 | Windows Path Link Problems | Development Concepts (primary) 699 |
ParentOf | Weakness Variant | 64 | Windows Shortcut Following (.LNK) | Research Concepts (primary) 1000 |
ParentOf | Weakness Variant | 65 | Windows Hard Link | Research Concepts (primary) 1000 |
MemberOf | View | 635 | Weaknesses Used by NVD | Weaknesses Used by NVD (primary) 635 |
CanFollow | Weakness Class | 73 | External Control of File Name or Path | Research Concepts 1000 |
CanFollow | Weakness Base | 363 | Race Condition Enabling Link Following | Research Concepts 1000 |
Relationship Notes
Link following problems are Multi-factor Vulnerabilities (MFV). This weakness combines several elements, including file and directory permissions, file name predictability, race conditions and, in some cases, a design limitation in which there is no mechanism for performing atomic file creation operations.
Potential factors include race conditions, permissions, and predictability.
Research Gaps (CWE's view)
UNIX hard links and Windows hard/soft links are under-studied and under-reported.
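The following C example is added here and is not part of the CWE entry. It shows link-aware file handling on POSIX for the factors this entry names (symbolic links, hard links, race conditions, atomic creation); the function names and the `/tmp/cwe59-XXXXXX` scratch directory are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open an existing file for writing; refuse a symlink as the final path
 * component (O_NOFOLLOW) and anything but a singly linked regular file. */
int open_no_link(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;                       /* ELOOP if path is a symlink */
    /* fstat() inspects the object actually opened, so there is no window
     * between check and use as there is with lstat() on the name. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Atomic creation: with O_CREAT|O_EXCL the call fails if the name already
 * exists, even as a dangling symlink, so a planted link is never followed. */
int create_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
}

/* Constructed scenario in a private temp directory; returns a bitmask of
 * the checks that behaved as expected (0x1f when all five hold). */
int link_demo(void)
{
    char dir[] = "/tmp/cwe59-XXXXXX", f[64], s[64], h[64], d[64];
    int ok = 0, fd;
    if (!mkdtemp(dir)) return -1;
    snprintf(f, sizeof f, "%s/data", dir);  snprintf(s, sizeof s, "%s/sym", dir);
    snprintf(h, sizeof h, "%s/hard", dir);  snprintf(d, sizeof d, "%s/dangling", dir);
    if ((fd = create_exclusive(f)) >= 0) { ok |= 1; close(fd); }    /* new file created */
    if ((fd = open_no_link(f)) >= 0)     { ok |= 2; close(fd); }    /* plain file accepted */
    if (symlink(f, s) == 0 && open_no_link(s) < 0)            ok |= 4;  /* symlink rejected */
    if (symlink("missing", d) == 0 && create_exclusive(d) < 0) ok |= 8; /* dangling link rejected */
    if (link(f, h) == 0 && open_no_link(f) < 0)               ok |= 16; /* hard link rejected */
    unlink(s); unlink(d); unlink(h); unlink(f); rmdir(dir);
    return ok;
}

int main(void) { printf("checks passed: 0x%x\n", link_demo()); return 0; }
```

`O_NOFOLLOW` only covers the last path component, so the parent directories still need the restrictive permissions described under Potential Mitigations.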
Affected Resources
File/Directory
Functional Areas
File processing, temporary files
Causal Nature
Explicit
Taxonomy Mappings
Organization or taxonomy name | Node ID | Fit with CWE classification | Mapped node name |
---|---|---|---|
PLOVER | | | Link Following |
CERT C Secure Coding | FIO02-C | | Canonicalize path names originating from untrusted sources |
CERT C Secure Coding | POS01-C | | Check for the existence of links when dealing with files |
Related Attack Patterns
CAPEC-ID | Attack Pattern Name (CAPEC Version 1.5) |
---|---|
17 | Accessing, Modifying or Executing Executable Files |
35 | Leverage Executable Code in Nonexecutable Files |
76 | Manipulating Input to File System Calls |
132 | Symlink Attacks |
Update History
[2011/04/21]
Updated based on data as of 2010/10/12
[2009/06/29]
Created based on the URL below as of 2009/02/02
http://cwe.mitre.org/data/definitions/59.html
Registered: 2011/04/21
Last updated: 2023/04/04