Lucene search
Gentoo FoundationGLSA-200604-13HistoryApr 23, 2006 - 12:00 a.m.
fbida: Insecure temporary file creation
2006-04-2300:00:00
Gentoo Foundation
security.gentoo.org
7
0.0004 Low
EPSS
Percentile
5.2%
Background
fbida is a collection of image viewers and editors for the framebuffer console and X11.
Description
Jan Braun has discovered that the “fbgs” script provided by fbida insecurely creates temporary files in the “/var/tmp” directory.
Impact
A local attacker could create links in the temporary file directory, pointing to a valid file somewhere on the filesystem. When an affected script is called, this could result in the file being overwritten with the rights of the user running the script.
Workaround
There is no known workaround at this time.
Resolution
All fbida users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/fbida-2.03-r3"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | media-gfx/fbida | < 2.03-r3 | UNKNOWN |
Related
securityvulns
securityvulns
[SECURITY] [DSA 1068-1] New fbi packages fix denial of service
2006-05-22 00:00:00
nessus
nessus
Debian DSA-1068-1 : fbi - insecure temporary file
2006-10-14 00:00:00
GLSA-200604-13 : fbida: Insecure temporary file creation
2006-04-26 00:00:00
openSUSE 10 Security Update : fbi (fbi-1915)
2007-10-17 00:00:00
prion
prion
Code injection
2006-04-11 10:02:00
cvelist
cvelist
CVE-2006-1695
2006-04-11 10:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200604-13 (fbida)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200604-13 (fbida)
2008-09-24 00:00:00
Debian: Security Advisory (DSA-1068-1)
2008-01-17 00:00:00
ubuntucve
ubuntucve
CVE-2006-1695
2006-04-11 00:00:00
cve
cve
CVE-2006-1695
2006-04-11 10:02:00
osv
osv
fbi - insecure temporary file
2006-05-20 00:00:00
debian
debian
[SECURITY] [DSA 1068-1] New fbi packages fix denial of service
2006-05-20 00:00:00
debiancve
debiancve
CVE-2006-1695
2006-04-11 10:02:00