Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1695

Overview

Vulnerability Score 1.2 1.2
CVE Id CVE-2006-1695
Last Modified 07 Mar 2011 09:33:36
Published 11 Apr 2006 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2006-1695

Summary

The fbgs script in the fbi package 2.01-1.4, when the TMPDIR environment variable is not defined, allows local users to overwrite arbitrary files via a symlink attack on temporary files in /var/tmp/fbps-[PID].

Vulnerable Systems

Application

  • Fbida 2.01

  • Fbida 2.02

  • Fbida 2.03


References

VUPEN - ADV-2006-1281

SECUNIA - 19559

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361370

XF - fbida-fbgs-tmpdir-symlink(25729)

BID - 17436

SUSE - SUSE-SR:2006:019

GENTOO - GLSA-200604-13

DEBIAN - DSA-1068

SECUNIA - 21459

SECUNIA - 20166

SECUNIA - 19766


Last Updated: 27 May 2016 10:42:10