Apple '.DS Store'
Weakness ID: 71 (Weakness Variant)Status: Incomplete
+ Description

Description Summary

Software operating in a MAC OS environment, where .DS_Store is in effect, must carefully manage hard links, otherwise an attacker may be able to leverage a hard link from .DS_Store to overwrite arbitrary files and gain privileges.
+ Time of Introduction
  • Architecture and Design
  • Implementation
  • Operation
+ Applicable Platforms



+ Observed Examples
BUGTRAQ:20010910More security problems in Apache on Mac OS X
CVE-2005-0342The Finder in Mac OS X and earlier allows local users to overwrite arbitrary files and gain privileges by creating a hard link from the .DS Store file to an arbitrary file.
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness BaseWeakness Base66Improper Handling of File Names that Identify Virtual Resources
Research Concepts (primary)1000
ChildOfCategoryCategory70Mac Virtual File Problems
Resource-specific Weaknesses (primary)631
Development Concepts (primary)699
PeerOfWeakness VariantWeakness Variant62UNIX Hard Link
Research Concepts1000
+ Research Gaps


+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERDS - Apple '.DS Store
+ Related Attack Patterns
CAPEC-IDAttack Pattern Name
(CAPEC Version: 1.4)
86Embedding Script (XSS ) in HTTP Headers
32Embedding Scripts in HTTP Query Strings
18Embedding Scripts in Nonscript Elements
19Embedding Scripts within Scripts
63Simple Script Injection
91XSS in IMG Tags
+ Maintenance Notes

This entry, which originated from PLOVER, probably stems from a common manipulation that is used to exploit symlink and hard link following weaknesses, like /etc/passwd is often used for UNIX-based exploits. As such, it is probably too low-level for inclusion in CWE.

+ Content History
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Relationships, Taxonomy Mappings
2008-10-14CWE Content TeamMITREInternal
updated Maintenance Notes
2009-03-10CWE Content TeamMITREInternal
updated Related Attack Patterns