CVE-2005-1917 Kpopper popper-send.sh Symlink Arbitrary File Manipulation

Timeline :

Vulnerability discovered by Eric Romang the 2005-06-13
Vendor notified the 2005-06-15
Vulnerability disclosure the 2005-07-04

Reference(s) :

CVE-2005-1917
OSVDB-17725

Affected version(s) :

kpopper before or equal to 1.0

Description :

kpopper 1.0 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the .popper-new temporary file.