Timeline :

Vulnerability discovered by Eric Romang the 2005-05-27
Vendor notified the 2005-06-06
Vulnerability disclosure the 2005-07-04

Reference(s) :

CVE-2005-1916
OSVDB-17722

Affected version(s) :

keg before or equal to 2005-06-05 22:03

Description :

Eksperymentalny Klient Gadu-Gadu (EKG) contains a flaw that may allow a malicious local user to overwrite or create arbitrary files on the system. The issue is due to the czyjest and handle_keypress() functions in the contrib/scripts/linki.py script creating temporary files insecurely. It is possible for a user to use a symlink style attack from a critical EKG file to the /tmp/rmrmg_ekg_url file. When EKG is run, the temporary symlink file is activated with the privileges of the user running EKG, resulting in a loss of integrity.