Sun PC NetLink 1.0 through 1.2 does not properly set the access control list (ACL) for files and directories that use symbolic links and have been restored from backup, which could allow local or remote attackers to bypass intended access restrictions.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.00588Percentile:
0.68124
CVSS Scoring
CVSS v3.1 Score: 7.5
Severity: HIGH
Mapped CWE(s)
CWE-281
: Improper Preservation of Permissions
CWE-59
: Improper Link Resolution Before File Access ('Link Following')
All CAPEC(s)
CAPEC-132 : Symlink Attack
CAPEC-17 : Using Malicious Files
CAPEC-35 : Leverage Executable Code in Non-Executable Files
CAPEC-76 : Manipulating Web Input to File System Calls
CAPEC(s) with Mapped TTPs
CAPEC-132 : Symlink Attack
Mapped TTPs:
CAPEC-17 : Using Malicious Files
Mapped TTPs:
T1574.005
: Executable Installer File Permissions Weakness
T1574.010
: Services File Permissions Weakness
CAPEC-35 : Leverage Executable Code in Non-Executable Files
Mapped TTPs:
Mapped ATT&CK TTPs
T1547.009
: Shortcut Modification
Kill Chain: persistence
T1574.005
: Executable Installer File Permissions Weakness
Kill Chain: persistence
T1574.010
: Services File Permissions Weakness
Kill Chain: persistence
T1027.006
: HTML Smuggling
Kill Chain: defense-evasion
T1027.009
: Embedded Payloads
Kill Chain: defense-evasion
T1564.009
: Resource Forking
Kill Chain: defense-evasion
Malware
APTs Threat Group Associations
Campaigns
Affected Products
cpe:2.3:a:sun:solaris_pc_netlink:*:*:*:*:*:*:*:*
← Back to Home
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me