Second-Order Symlink Vulnerabilities

[This was originally published on the OSVDB blog.]

While symlink vulnerabilities are not new, Steven Christey from CVE points out a recent trend in “second-order symlink” vulnerabilities. Based on the recent examples published, there is a strong chance many applications have been vulnerable to such attacks in the past.

Leave a Reply

%d bloggers like this: