newsgrab is a Unix application used to download binary-encoded messages from Usenet. newsgrab versions prior to 0.5.0pre4 could allow a remote attacker to traverse directories on the Web server, caused by improper validation of user-supplied input in the file name. A remote attacker can send a specially crafted file name containing “dot dot” (/../) sequences to traverse directories and overwrite arbitrary files on the system with user privileges.
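The following is an added example, not newsgrab's own code, of the validation a downloader needs before writing a file whose name was chosen by the poster. It assumes the name arrives in a uuencode `begin` line or a yEnc `=ybegin` line; the function names and sample inputs are hypothetical.

```python
import os
import re

# Header lines that carry the sender-chosen file name in binary posts.
_UU_BEGIN = re.compile(r"^begin [0-7]{3,4} (?P<name>.+)$")
_YENC_BEGIN = re.compile(r"^=ybegin .*\bname=(?P<name>.+)$")


def extract_name(header_line):
    """Return the file name declared in a uuencode or yEnc header, or None."""
    line = header_line.rstrip("\r\n")
    m = _UU_BEGIN.match(line) or _YENC_BEGIN.match(line)
    return m.group("name") if m else None


def naive_target(download_dir, name):
    """Unvalidated join: '..' components in the name escape download_dir."""
    return os.path.normpath(os.path.join(download_dir, name))


def safe_target(download_dir, name):
    """Map an untrusted name to a path inside download_dir or raise ValueError."""
    # Treat both separator styles as separators and keep only the last component.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].strip()
    if base in ("", ".", "..") or "\x00" in base:
        raise ValueError("unusable file name: %r" % name)
    root = os.path.realpath(download_dir)
    target = os.path.realpath(os.path.join(root, base))
    # Defence in depth: a symlink already present in the directory must not
    # redirect the write to a location outside it.
    if os.path.commonpath([root, target]) != root:
        raise ValueError("name resolves outside download directory: %r" % name)
    return target


if __name__ == "__main__":
    # Constructed header line, not taken from a real post.
    declared = extract_name("begin 644 ../../outside.txt\n")
    print("declared:", declared)
    print("naive   :", naive_target("/tmp/dl", declared))
    print("safe    :", safe_target("/tmp/dl", declared))
```

Reducing the name to its final component keeps the download usable instead of rejecting the whole post, while the resolved-path comparison catches anything the component check misses.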