1. CVE-Search
  2. CVE-2006-1695
ID CVE-2006-1695
Summary The fbgs script in the fbi package 2.01-1.4, when the TMPDIR environment variable is not defined, allows local users to overwrite arbitrary files via a symlink attack on temporary files in /var/tmp/fbps-[PID].
References
Vulnerable Configurations
  • cpe:2.3:a:fbida:fbida:2.01:*:*:*:*:*:*:*
    cpe:2.3:a:fbida:fbida:2.01:*:*:*:*:*:*:*
  • cpe:2.3:a:fbida:fbida:2.02:*:*:*:*:*:*:*
    cpe:2.3:a:fbida:fbida:2.02:*:*:*:*:*:*:*
  • cpe:2.3:a:fbida:fbida:2.03:*:*:*:*:*:*:*
    cpe:2.3:a:fbida:fbida:2.03:*:*:*:*:*:*:*
CVSS
Base: 1.2 (as of 20-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL HIGH NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:L/AC:H/Au:N/C:N/I:P/A:N
refmap via4
bid 17436
confirm http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361370
debian DSA-1068
gentoo GLSA-200604-13
secunia
  • 19559
  • 19766
  • 20166
  • 21459
suse SUSE-SR:2006:019
vupen ADV-2006-1281
xf fbida-fbgs-tmpdir-symlink(25729)
Last major update 20-07-2017 - 01:30
Published 11-04-2006 - 10:02
Last modified 20-07-2017 - 01:30
Back to Top