Questions tagged [symlink]

11 questions
10
votes
1 answer

How zip symlink works?

I've seen lately some bugs that used zip symlink technique , can anyone explain how this vulnerability works , how attackers use it to exploit applications? Thanks
Daniel
  • 1,422
  • 3
  • 21
  • 32
9
votes
1 answer

Is symlink race a very common vulnerability in UNIX systems

As far as I know, when I am creating a new file or directory in a directory that can be written by multiple users (and thus an adversary can have made a symlink there), the only way to protect myself from symlink race is creating a file with enough…
v6ak
  • 609
  • 5
  • 12
6
votes
2 answers

Is it possible become root through a broken symlink owned by root and globally writeable?

I'm looking for a vulnerability on a server. I'm looking in the /var directory and I get something like this: drwxr-xr-x 3 root root 4.0K Aug 14 21:02 kerberos drwxr-xr-x 12 root root 4.0K Nov 11 05:04 lib drwxr-xr-x 2 root root 4.0K Jun 10 2014…
user23749
5
votes
1 answer

Why do broken symlinks pose a security threat?

I have been given a security specification document that contains some rules about the product I currently work on (docker containers). One states that: All broken symlinks must be removed. My question is, why do broken symlinks pose a security…
4
votes
2 answers

How to secure SFTP against symlink attack?

I've configured SFTP on my virtual machine, because I wanted to test how can I use symlink in order to access files outside from user home directory. I've created user: test:x:1003:1001::/var/www/test/public:/bin/false Ownership and…
Mirsad
  • 10,005
  • 8
  • 33
  • 53
3
votes
1 answer

Will disabling "symlink" in PHP.ini prevent attackers from attacking other websites?

I have a small shared server where couple of websites are hosted, so I'm not sure if this kind of protection will be enough to prevent attackers from executing symlink attack. I've added symlink to disabled PHP functions and of course others like…
user134969
  • 1,298
  • 4
  • 15
  • 24
3
votes
1 answer

Symbolic links, PATH and privilege escalation vulnerability

I am a bit inexperienced to this... I am using this VM https://www.vulnhub.com/entry/the-wall-1,130/ for practicing and there is a step I don't understand. Here: https://research.g0blin.co.uk/thewall-vulnhub-writeup/ After calling strings on the…
Mark Read
  • 199
  • 1
  • 1
  • 6
2
votes
2 answers

Should programs check for symlinks before creating files?

We received a bug report (phrased as a security issue) for a program, which stated that when the program creates files on disk, it does not first verify if a symbolic link exists at the file path to be created. Because of that, an attacker may…
1
vote
1 answer

Symlink file name - possible exploit?

I found a vulnerability in one of my managed website where I can give any name to the symlink file name source link. I cannot control the target directory link though. Also I can create as many symlinks in that directory with different source names…
MagExt
  • 147
  • 4
1
vote
1 answer

Symlinks from public_html to directory linking to files in custom home directory

I have setup a multi-sites project on a VPS server with WHM and cPanel. Codebase is installed on a custom created folder named sites inside the cPanel user account home directory, with a subdomain master.example.com which acts as the master…
tafvita
  • 11
  • 2
0
votes
1 answer

Looking for a way to overwrite a symbolic link

I'm peparing for OSCP and I found an interesting situation (Alpine Linux). There is a daemon super_service executed by root that is reading configuration file from /var/super_service/configs/ which is a symbolic link to location that my user john…
elklepo
  • 103
  • 3