Timeline :

Vulnerability discovered by Eric Romang the 2005-05-30
Vendor notified the 2005-05-30
Vulnerability disclosure the 2005-06-06

Reference(s) :

CVE-2005-1880
OSVDB-17174

Affected version(s) :

everybuddy before or equal to 0.4.3

Description :

everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.