CVE-2005-1880

Опубликовано: 06 июн. 2005

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.

Ссылки

http://bugs.gentoo.org/show_bug.cgi?id=94473
Exploit
Issue Tracking
http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034422.html
Not Applicable
Vendor Advisory
http://securitytracker.com/id?1014110
Broken Link
Third Party Advisory
VDB Entry
Vendor Advisory
http://www.securityfocus.com/bid/13865
Broken Link
Third Party Advisory
VDB Entry
Vendor Advisory
http://www.zataz.net/adviso/everybuddy-06062005.txt
Broken Link
Vendor Advisory
http://bugs.gentoo.org/show_bug.cgi?id=94473
Exploit
Issue Tracking
http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034422.html
Not Applicable
Vendor Advisory
http://securitytracker.com/id?1014110
Broken Link
Third Party Advisory
VDB Entry
Vendor Advisory
http://www.securityfocus.com/bid/13865
Broken Link
Third Party Advisory
VDB Entry
Vendor Advisory
http://www.zataz.net/adviso/everybuddy-06062005.txt
Broken Link
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:everybuddy:everybuddy:*:*:*:*:*:*:*:*

Версия до 0.4.3 (включая)

EPSS

Процентиль: 42%

0.00201

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-59

Связанные уязвимости

GHSA-v4r8-qwq6-39xh