Timeline :
Vulnerability discovered by Eric Romang the 2005-05-30
Vendor notified the 2005-05-30
Vulnerability disclosure the 2005-06-06
Reference(s) :
Affected version(s) :
everybuddy before or equal to 0.4.3
Description :
everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.