National Institute of Standards and Technology
Package illustrating a test case

Test case 150204

Description

This test case implements a time-of-check/time-of-use (TOCTOU) vulnerability that allows arbitrary link following. It takes a control file and an input file. The input file is checked to confirm that it is in the current working directory and is not a symbolic link. If both conditions hold, the test case opens and reads the FIFO file, then opens, reads, and prints the data in the input file. Because there is a delay between checking the validity of the file and opening it, the file can be replaced with a symbolic link in that interval, and the test case can be tricked into following it. The control file serves to delay execution long enough for this vulnerability to occur.
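
The check-then-open ordering described above, next to a form that opens first and then validates the descriptor, as an added example (not code from the test case or from Subversion). The file names, the `delay` callback standing in for the control-file pause, and all function names are assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define INPUT "toctou_input.txt"  /* constructed demo file names */
#define OTHER "toctou_other.txt"

static void put(const char *name, char byte) {
    int fd = open(name, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd >= 0) { write(fd, &byte, 1); close(fd); }
}

/* Stand-in for the control-file delay: INPUT becomes a link to OTHER. */
static void swap_during_delay(void) { unlink(INPUT); symlink(OTHER, INPUT); }

/* Vulnerable shape: the path is checked, then resolved again by open(). */
int check_then_open(const char *name, void (*delay)(void)) {
    struct stat st;
    if (strchr(name, '/')) return -1;                             /* cwd only */
    if (lstat(name, &st) != 0 || S_ISLNK(st.st_mode)) return -1;  /* time of check */
    if (delay) delay();                                           /* race window */
    return open(name, O_RDONLY);                                  /* time of use */
}

/* Hardened shape: open without following links, then validate the fd. */
int open_then_check(const char *name, void (*delay)(void)) {
    struct stat st;
    if (strchr(name, '/')) return -1;
    int fd = open(name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0) return -1;       /* a symlink at this name fails with ELOOP */
    if (delay) delay();          /* the fd stays bound to the file opened */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    return fd;
}

/* Runs one opener across the swap; returns the byte it read, or -1. */
int byte_read_across_swap(int hardened) {
    char c = 0;
    unlink(INPUT); put(INPUT, 'I'); put(OTHER, 'O');
    int fd = (hardened ? open_then_check : check_then_open)(INPUT, swap_during_delay);
    int got = (fd >= 0 && read(fd, &c, 1) == 1) ? c : -1;
    if (fd >= 0) close(fd);
    unlink(INPUT); unlink(OTHER);
    return got;
}

int main(void) { return byte_read_across_swap(1) == 'I' ? 0 : 1; }
```

With the swap in the window, `check_then_open` returns the other file's byte (`'O'`), while `open_then_check` still reads the file that was validated (`'I'`).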

Metadata

- Base program: Subversion
- Source Taint: FILE_CONTENTS
- Data Type: VOID_POINTER
- Data Flow: VAR_ARG_LIST
- Control Flow: INTERPROCEDURAL_10
