CVE-2008-2266
nzbget < 0.3.0 - Arbitrary File Overwrite via Symlink Attack on Temporary Filename
Title source: llmDescription
uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on a temporary filename generated by the tempnam function. NOTE: this may be a CVE-2004-2265 regression.
References (8)
Core 8
Core References
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200808-11.xml
Issue Tracking x_refsource_misc
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480972
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/31420
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30171
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/05/14/10
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/29211
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42407
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/05/30/1
Scores
EPSS
0.0032
EPSS Percentile
23.8%
Details
CWE
CWE-59
Status
published
Products (7)
nzbget/nzbget
0.1.0a
nzbget/nzbget
0.1.1
nzbget/nzbget
0.1.2
nzbget/nzbget
0.2.0
nzbget/nzbget
0.2.1
nzbget/nzbget
< 0.2.2
uudeview/uudeview
0.5.20
Published
May 16, 2008
Tracked Since
Feb 18, 2026