2008-05-16
uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on a temporary filename generated by the tempnam function. NOTE: this may be a CVE-2004-2265 regression.
Products | Nzbget, Uudeview |
Type | Improper Link Resolution Before File Access ('Link Following') (CWE-59) |
First patch | - None (likely due to unavailable code) |
Links |
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42407
• http://security.gentoo.org/glsa/glsa-200808-11.xml
• http://www.securityfocus.com/bid/29211
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480972
• http://secunia.com/advisories/30171 |