CVE-2005-1880

MEDIUM

Everybuddy < 0.4.3 - Symlink Following

Title source: rule

Description

everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.

References (5)

[Exploit, Issue Tracking] http://bugs.gentoo.org/show_bug.cgi?id=94473

[Not Applicable, Vendor Advisory] http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034422.html

[Broken Link, Third Party Advisory, VDB Entry, Vendor Advisory] http://securitytracker.com/id?1014110

[Broken Link, Third Party Advisory, VDB Entry, Vendor Advisory] http://www.securityfocus.com/bid/13865

[Broken Link, Vendor Advisory] http://www.zataz.net/adviso/everybuddy-06062005.txt

Scores

CVSS v3 5.5

EPSS 0.0020

EPSS Percentile 42.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-59

Status draft

Affected Products (1)

everybuddy/everybuddy < 0.4.3

Timeline

Published Jun 06, 2005

Tracked Since Feb 18, 2026