CWE

Apple '.DS_Store'

ID: 71		Date: (C)2012-05-14   (M)2022-10-10
Type: weakness		Status: INCOMPLETE
Abstraction Type: Variant

Description

Software operating in a MAC OS environment, where .DS_Store is in effect, must carefully manage hard links, otherwise an attacker may be able to leverage a hard link from .DS_Store to overwrite arbitrary files and gain privileges.

Applicable Platforms
Language Class: All

Time Of Introduction

• Architecture and Design
• Implementation
• Operation

Related Attack Patterns

• CAPEC-18
• CAPEC-19
• CAPEC-199
• CAPEC-244
• CAPEC-32
• CAPEC-63
• CAPEC-86
• CAPEC-91

Common Consequences

Scope	Technical Impact	Notes
Confidentiality Integrity	Read files or directories Modify files or directories

Detection Methods
None

Potential Mitigations
None

Relationships

Related CWE	Type	View	Chain
CWE-71 ChildOf CWE-893	Category	CWE-888

Demonstrative Examples
None

Observed Examples

1. BUGTRAQ:20010910 : More security problems in Apache on Mac OS X
2. CVE-2005-0342 : The Finder in Mac OS X and earlier allows local users to overwrite arbitrary files and gain privileges by creating a hard link from the .DS_Store file to an arbitrary file.

For more examples, refer to CVE relations in the bottom box.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

Taxynomy	Id	Name	Fit
PLOVER		DS - Apple '.DS_Store

References:
None