kernel_crashdump in Apport before 2.19 allows local users to cause a
denial of service (disk consumption) or possibly gain privileges via a
(1) symlink or (2) hard link attack on /var/crash/vmcore.log.

The nullfs implementation in sys/fs/nullfs/null_vnops.c in the kernel
in FreeBSD 8.3 through 9.2 allows local users with certain permissions
to bypass access restrictions via a hardlink in a nullfs instance to a
file in a different instance.

transports/appendfile.c in Exim before 4.72, when a world-writable
sticky-bit mail directory is used, does not verify the st_nlink field
of mailbox files, which allows local users to cause a denial of
service or possibly gain privileges by creating a hard link to another

The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before
10.6.5 supports hard links to directories and does not prevent certain
deeply nested directory structures, which allows local users to cause
a denial of service (filesystem corruption) via a crafted application
that calls the mkdir and link functions, related to the fsck_hfs
program in the diskdev_cmds component.

Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and
2.1.4r42893 on Linux allows local users to gain privileges via a
hardlink attack, which preserves setuid/setgid bits on Linux, related

Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6
before 2.6-20080814, when the operating system supports hard links to
symlinks, allows local users to append e-mail messages to a file to
which a root-owned symlink points, by creating a hard link to this
symlink and then sending a message. NOTE: this can be leveraged to
gain privileges if there is a symlink to an init script.

chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify
permissions of files by creating a hardlink to a file from a
world-writable directory, which can cause the link count to drop to 1
when the file is deleted or replaced, which is then modified by
chkstat to use weaker permissions.

cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users
to (1) read arbitrary files via the backup feature or (2) chown
arbitrary files via the .htaccess file when Front Page extensions are
enabled or disabled.

script command in the util-linux package before 2.11n allows local
users to overwrite arbitrary files by setting a hardlink from the
typescript log file to any file on the system, then having root
execute the script command.