CVE-2005-2311

Name of the Vulnerable Software and Affected Versions: SMS versions 1.9.2m and earlier

Description: The issue allows local users to overwrite arbitrary files via a symlink attack on the (1) request1 or (2) request2 temporary files.

Recommendations: For SMS versions 1.9.2m and earlier, consider restricting access to the temporary files request1 and request2 to prevent a symlink attack until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.