Cobalt RaQ2 and RaQ3 does not properly set the access permissions and ownership for files that are uploaded via FrontPage, which allows attackers to bypass cgiwrap and modify files.Referenceshttp://www.securityfocus.com/templates/archive.pike?list=1&msg=20000523100045.B11049%40HiWAAY.nethttp://archives.neohapsis.com/archives/bugtraq/2000-05/0305.htmlhttp://www.osvdb.org/1346http://www.securityfocus.com/bid/1238
