Newsgrab Downloaded File Symlink Arbitrary File Overwrite

2005-01-28T16:16:45
ID OSVDB:13459
Type osvdb
Reporter OSVDB
Modified 2005-01-28T16:16:45

Description

Solution Description

Upgrade to version 0.5.0pre4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://newsgrab.sourceforge.net/ Vendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=300562 Security Tracker: 1013055 Secunia Advisory ID:14083 CVE-2005-0153