Description
The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, which allows local users to overwrite arbitrary files via a symlink attack when ee invokes ispell.
References (6)
Core 6
Core References
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/16207
Various Sources vendor-advisory
x_refsource_freebsd
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:02.ee.asc
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24074
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015469
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/22320
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18404
Scores
EPSS
0.0007
EPSS Percentile
21.9%
Details
Status
published
Products (9)
freebsd/freebsd
4.10 (4 CPE variants)
freebsd/freebsd
4.11 release_p3 (3 CPE variants)
freebsd/freebsd
5.0 (4 CPE variants)
freebsd/freebsd
5.1 (5 CPE variants)
freebsd/freebsd
5.2
freebsd/freebsd
5.2.1 release (2 CPE variants)
freebsd/freebsd
5.3 (4 CPE variants)
freebsd/freebsd
5.4 pre-release (3 CPE variants)
freebsd/freebsd
6.0 release (2 CPE variants)
Published
Jan 11, 2006
Tracked Since
Feb 18, 2026