Description
A constant symbolic reference to an object is used, even though the reference can resolve to a different object over time.
Modes of Introduction:
– Architecture and Design
Related Weaknesses
CWE-706
CWE-367
CWE-610
CWE-486
Consequences
Access Control: Gain Privileges or Assume Identity
The attacker can gain access to otherwise unauthorized resources.
Integrity, Confidentiality, Other: Modify Application Data, Modify Files or Directories, Read Application Data, Read Files or Directories, Other
Race conditions such as this kind may be employed to gain read or write access to resources not normally readable or writable by the user in question.
Integrity, Other: Modify Application Data, Other
The resource in question, or other resources (through the corrupted one) may be changed in undesirable ways by a malicious user.
Non-Repudiation: Hide Activities
If a file or other resource is written in this method, as opposed to a valid way, logging of the activity may not occur.
Non-Repudiation, Integrity: Modify Files or Directories
In some cases it may be possible to delete files that a malicious user might not otherwise have access to — such as log files.
Potential Mitigations
CVE References
