The fbgs script in the fbi package 2.01-1.4, when the TMPDIR environment variable is not defined, allows local users to overwrite arbitrary files via a symlink attack on temporary files in /var/tmp/fbps-[PID].
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fbida fbida 2.01 |
||
fbida fbida 2.02 |
||
fbida fbida 2.03 |