everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.
References
Link | Resource |
---|---|
http://bugs.gentoo.org/show_bug.cgi?id=94473 | Exploit Issue Tracking |
http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034422.html | Not Applicable Vendor Advisory |
http://securitytracker.com/id?1014110 | Broken Link Third Party Advisory VDB Entry Vendor Advisory |
http://www.securityfocus.com/bid/13865 | Broken Link Third Party Advisory VDB Entry Vendor Advisory |
http://www.zataz.net/adviso/everybuddy-06062005.txt | Broken Link Vendor Advisory |
http://bugs.gentoo.org/show_bug.cgi?id=94473 | Exploit Issue Tracking |
http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034422.html | Not Applicable Vendor Advisory |
http://securitytracker.com/id?1014110 | Broken Link Third Party Advisory VDB Entry Vendor Advisory |
http://www.securityfocus.com/bid/13865 | Broken Link Third Party Advisory VDB Entry Vendor Advisory |
http://www.zataz.net/adviso/everybuddy-06062005.txt | Broken Link Vendor Advisory |
Configurations
History
20 Nov 2024, 23:58
Type | Values Removed | Values Added |
---|---|---|
References | () http://bugs.gentoo.org/show_bug.cgi?id=94473 - Exploit, Issue Tracking | |
References | () http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034422.html - Not Applicable, Vendor Advisory | |
References | () http://securitytracker.com/id?1014110 - Broken Link, Third Party Advisory, VDB Entry, Vendor Advisory | |
References | () http://www.securityfocus.com/bid/13865 - Broken Link, Third Party Advisory, VDB Entry, Vendor Advisory | |
References | () http://www.zataz.net/adviso/everybuddy-06062005.txt - Broken Link, Vendor Advisory |
26 Jan 2024, 17:00
Type | Values Removed | Values Added |
---|---|---|
References | (BID) http://www.securityfocus.com/bid/13865 - Broken Link, Third Party Advisory, VDB Entry, Vendor Advisory | |
References | (MISC) http://bugs.gentoo.org/show_bug.cgi?id=94473 - Exploit, Issue Tracking | |
References | (MISC) http://www.zataz.net/adviso/everybuddy-06062005.txt - Broken Link, Vendor Advisory | |
References | (FULLDISC) http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034422.html - Not Applicable, Vendor Advisory | |
References | (SECTRACK) http://securitytracker.com/id?1014110 - Broken Link, Third Party Advisory, VDB Entry, Vendor Advisory | |
CWE | CWE-59 | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
CPE | cpe:2.3:a:everybuddy:everybuddy:*:*:*:*:*:*:*:* |
Information
Published : 2005-06-06 04:00
Updated : 2024-11-20 23:58
NVD link : CVE-2005-1880
Mitre link : CVE-2005-1880
CVE.ORG link : CVE-2005-1880
JSON object : View
Products Affected
everybuddy
- everybuddy
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')