Vulnerability discovered by Eric Romang the 2005-05-30
Vendor notified the 2005-05-30
Vulnerability disclosure the 2005-06-06
Affected version(s) :
everybuddy before or equal to 0.4.3
everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.