CVE-2005-1880
MEDIUMeverybuddy < 0.4.3 - Arbitrary File Overwrite via Symlink Attack on Temporary File
Title source: llmDescription
everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.
References (5)
Core 5
Core References
Broken Link, Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1014110
Not Applicable, Vendor Advisory mailing-list
x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034422.html
Broken Link, Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/13865
Exploit, Issue Tracking x_refsource_misc
http://bugs.gentoo.org/show_bug.cgi?id=94473
Broken Link, Vendor Advisory x_refsource_misc
http://www.zataz.net/adviso/everybuddy-06062005.txt
Scores
CVSS v3
5.5
EPSS
0.0046
EPSS Percentile
36.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-59
Status
published
Products (1)
everybuddy/everybuddy
< 0.4.3
Published
Jun 06, 2005
Tracked Since
Feb 18, 2026