CVE-2006-6382

Name of the Vulnerable Software and Affected Versions Positive Software H-Sphere versions prior to 2.5.0 RC3

Description The control panel creates log files in a user's directory with insecure permissions, allowing local users to append log data to arbitrary files via a symlink attack.

Recommendations For versions prior to 2.5.0 RC3, update to version 2.5.0 RC3 or later to resolve the issue. As a temporary workaround, consider restricting access to the log files directory to minimize the risk of exploitation.