CAPEC-27: Leveraging Race Conditions via Symbolic Links

Abstraction: Detailed
Status: Draft
Likelihood: Medium
Severity: High

Description

This attack leverages symbolic links (symlinks) to write to sensitive files. An attacker can create a symlink to a target file not otherwise accessible to them. When a privileged program tries to create a temporary file with the same name as the symlink, it actually writes to the target file that the attacker's symlink points to. If the attacker can insert malicious content into the temporary file, that content is written to the sensitive file through the symlink. The race occurs because the system checks whether the temporary file exists and then creates the file. The attacker would typically create the symlink during the interval between the check and the creation of the temporary file.
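The check-then-create window described above, next to an atomic create that closes it, as an added example that is not part of the CAPEC entry. The function names, the `/tmp/capec27-XXXXXX` scratch directory and the `app.tmp` and `victim` file names are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak: existence check, then create. The name can change between the two
 * calls, and open() without O_EXCL follows a symlink sitting at `path`. */
int create_tmp_weak(const char *path) {
    if (access(path, F_OK) == 0)                 /* time of check */
        return -1;
    return open(path, O_WRONLY | O_CREAT, 0600); /* time of use */
}

/* Hardened: one atomic call. O_CREAT|O_EXCL fails with EEXIST if anything,
 * including a symlink, already has the name; O_NOFOLLOW is a second guard. */
int create_tmp_safe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario inside a private mkdtemp() directory: a dangling
 * symlink occupies the temp-file name and points at "victim". Returns 1 if
 * the create call produced "victim" through the link, 0 if not, -1 on
 * setup failure. */
int link_was_followed(int (*create)(const char *)) {
    char dir[] = "/tmp/capec27-XXXXXX", tmp[64], victim[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(tmp, sizeof tmp, "%s/app.tmp", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    if (symlink(victim, tmp) != 0) { rmdir(dir); return -1; }
    int fd = create(tmp);
    if (fd >= 0) close(fd);
    int followed = (stat(victim, &st) == 0);
    unlink(victim); unlink(tmp); rmdir(dir);     /* clean up scratch files */
    return followed;
}

int main(void) {
    printf("weak create followed link: %d\n", link_was_followed(create_tmp_weak));
    printf("safe create followed link: %d\n", link_was_followed(create_tmp_safe));
    return 0;
}
```

Where the program controls the file name, `mkstemp()` gives the same atomic create with an unpredictable name.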

Related weaknesses · 5

CWE-367, CWE-61, CWE-662, CWE-689, CWE-667

Related attack patterns · 1

CAPEC-29 (ChildOf)

Exploits · 5

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| Weakness | UNIX Symbolic Link (Symlink) Following (cwe-61) | 100% | live |
| Weakness | Permission Race Condition During Resource Copy (cwe-689) | 100% | live |
| Weakness | Time-of-check Time-of-use (TOCTOU) Race Condition (cwe-367) | 100% | live |
| Weakness | Improper Synchronization (cwe-662) | 100% | live |
| Weakness | Improper Locking (cwe-667) | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Leveraging Race Conditions
CAPEC: Buffer Overflow via Symbolic Links
CAPEC: Symlink Attack
CAPEC: Create files with the same name as files protected with a higher classification
CAPEC: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
CWE: Race Condition Enabling Link Following

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.