FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

newsgrab -- directory traversal vulnerability

Affected packages
newsgrab <= 0.4.0


VuXML ID 35f6093c-73c3-11d9-8a93-00065be4b5b6
Discovery 2005-01-18
Entry 2005-02-01

The newsgrab script creates files by using the names provided in the newsgroup messages in a perl open() call. This is done without performing any security checks to prevent a directory traversal. A specially crafted newsgroup message could cause newsgrab to drop an attachment anywhere on the file system using the permissions of the user running the script.


CVE Name CVE-2005-0153