The fbgs script in the fbi package 2.01-1.4, when the TMPDIR environment variable is not defined, allows local users to overwrite arbitrary files via a symlink attack on temporary files in /var/tmp/fbps-[PID].
Name | Vendor | Start Version | End Version |
---|---|---|---|
Fbida | Fbida | 2.01 | 2.01 |
Fbida | Fbida | 2.03 | 2.03 |
Fbida | Fbida | 2.02 | 2.02 |