CVE-2006-1695

The fbgs script in the fbi package 2.01-1.4, when the TMPDIR environment variable is not defined, allows local users to overwrite arbitrary files via a symlink attack on temporary files in /var/tmp/fbps-[PID].

Date published : 2006-04-11

http://www.securityfocus.com/bid/17436

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361370