CWE-61: UNIX Symbolic Link (Symlink) Following

CompoundIncompleteExploit Likelihood: High

The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.

View on MITRE
Back to CWE Lookup

Extended Description

A product that allows UNIX symbolic links (symlink) as part of paths whether in internal code or through user input can allow an attacker to spoof the symbolic link and traverse the file system to unintended locations or access arbitrary files. The symbolic link can permit an attacker to read/write/corrupt a file that they originally did not have permissions to access.

Technical Details

Structure
Composite

Applicable To

Languages
Not Language-Specific
Platforms

Frequently Asked Questions

What is CWE-61: UNIX Symbolic Link (Symlink) Following?+

CWE-61: UNIX Symbolic Link (Symlink) Following is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files. A product that allows UNIX symbolic links (symlink) as part of paths whether in internal code or through user input can allow an attacker to spoof the symbolic link and traverse the file system to unintended locations or access arbitrary files. The symbolic link can permit an attacker to read/write/corrupt a file that they originally did not have permissions to access.

What are the security consequences of UNIX Symbolic Link (Symlink) Following?+

If exploited, CWE-61 (UNIX Symbolic Link (Symlink) Following) it can compromise Confidentiality and Integrity, leading to outcomes such as Read Files or Directories and Modify Files or Directories.

How do you prevent or mitigate UNIX Symbolic Link (Symlink) Following?+

Recommended mitigations for CWE-61 include: Symbolic link attacks often occur when a program creates a tmp directory that stores files/links. Access to the directory should be restricted to the program as to prevent attackers from manipulating the files.

Which programming languages are affected by UNIX Symbolic Link (Symlink) Following?+

CWE-61 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.

What are real-world examples of UNIX Symbolic Link (Symlink) Following?+

MITRE documents real CVEs mapped to CWE-61, including CVE-1999-1386, CVE-2000-1178, CVE-2004-0217, CVE-2003-0517 and CVE-2004-0689. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-61 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More