📄 Description (English)
Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack.
This issue affects Pardus About: before v1.2.1.
🤖 AI Executive Summary
CVE-2026-5161 is a symlink attack vulnerability in Pardus About (before v1.2.1) that allows attackers to manipulate file access through improper link resolution. With a CVSS score of 8.8, this high-severity vulnerability could enable privilege escalation or unauthorized file access on affected systems. The lack of available patches requires immediate compensating controls and monitoring until vendor remediation is released.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 4, 2026 03:48
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily affects government and public sector organizations in Saudi Arabia that deploy Pardus-based systems. The National Cybersecurity Authority (NCA) and government IT infrastructure using Turkish-origin Pardus distributions are at elevated risk. Potential impact includes unauthorized access to sensitive government data, system compromise, and privilege escalation on critical infrastructure systems. Organizations in the public administration, defense, and critical infrastructure sectors should prioritize assessment and mitigation.
🏢 Affected Saudi Sectors
Government & Public Administration
Critical Infrastructure
Defense & Security
Education (Universities using Pardus)
Healthcare (if Pardus-based systems deployed)
Telecommunications
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
7.8
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Inventory all systems running Pardus About and identify versions prior to v1.2.1
2. Restrict file system permissions to prevent symlink creation in sensitive directories
3. Implement strict access controls on /tmp and other world-writable directories
4. Monitor system logs for suspicious symlink creation attempts
Compensating Controls (until patch available):
5. Disable symlink following in Pardus About configuration if available
6. Use mount options (nosymfollow) on critical partitions
7. Implement SELinux or AppArmor policies to restrict symlink operations
8. Run Pardus About with minimal required privileges
Detection Rules:
9. Monitor for symlink creation in /tmp and /var/tmp directories
10. Alert on file access attempts following symlinks to sensitive locations
11. Track failed file access attempts with permission denied errors
12. Patch to v1.2.1 or later immediately upon availability
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. حصر جميع الأنظمة التي تعمل بـ Pardus About وتحديد الإصدارات السابقة للإصدار 1.2.1
2. تقييد أذونات نظام الملفات لمنع إنشاء الروابط الرمزية في الدلائل الحساسة
3. تطبيق ضوابط وصول صارمة على /tmp والدلائل الأخرى القابلة للكتابة من قبل الجميع
4. مراقبة سجلات النظام للكشف عن محاولات إنشاء روابط رمزية مريبة
الضوابط التعويضية (حتى توفر التصحيح):
5. تعطيل متابعة الروابط الرمزية في إعدادات Pardus About إن أمكن
6. استخدام خيارات التثبيت (nosymfollow) على الأقسام الحرجة
7. تطبيق سياسات SELinux أو AppArmor لتقييد عمليات الروابط الرمزية
8. تشغيل Pardus About بأقل امتيازات مطلوبة
قواعد الكشف:
9. مراقبة إنشاء الروابط الرمزية في دلائل /tmp و /var/tmp
10. تنبيه محاولات الوصول إلى الملفات التي تتبع الروابط الرمزية إلى مواقع حساسة
11. تتبع محاولات الوصول الفاشلة إلى الملفات مع أخطاء الإذن المرفوضة
12. التصحيح إلى الإصدار 1.2.1 أو أحدث فور توفره
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.5.1.1 - Access Control Policies
ECC 2024 A.5.2.1 - User Registration and Access Rights
ECC 2024 A.5.3.1 - Password Management
ECC 2024 A.12.2.1 - Change Management
ECC 2024 A.12.6.1 - Management of Technical Vulnerabilities
🔵 SAMA CSF
SAMA CSF ID.AM-2 - Software Inventory
SAMA CSF PR.AC-1 - Access Control Policy
SAMA CSF PR.AC-3 - Access Enforcement
SAMA CSF DE.CM-1 - System Monitoring
SAMA CSF RS.MI-2 - Incident Response Procedures
🟡 ISO 27001:2022
ISO 27001:2022 A.5.15 - Access Control
ISO 27001:2022 A.8.1 - User Endpoint Devices
ISO 27001:2022 A.8.3 - Access Control
ISO 27001:2022 A.12.6.1 - Management of Technical Vulnerabilities
ISO 27001:2022 A.14.2.1 - Secure Development Policy
🔗 References & Sources 1