Vulnerability discovered by Eric Romang the 2005-06-13
Vendor notified the 2005-06-15
Vulnerability disclosure the 2005-07-04
Affected version(s) :
kpopper before or equal to 1.0
kpopper 1.0 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the .popper-new temporary file.