Adobe FrameMaker License Server (fm_fls) tmp/fm_fls.log Symlink Arbitrary File Manipulation
Local Access Required
Loss of Confidentiality
Adobe FrameMaker contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when invalid arguments are passed to the fm_fls script and another log file is named; root access is then granted to that file. This flaw may lead to a loss of confidentiality and integrity.
Upgrade to version 6.0 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): remove the setuid bit from all instances of fm_fls.
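One way to apply the workaround across a host, as an added shell example that is not part of the original advisory. The function names and the default search root of `/` are assumptions; only regular files named fm_fls with the setuid bit set are touched.

```shell
#!/bin/sh
# Added example: locate every setuid copy of fm_fls and strip the setuid bit.
# Function names and the default search root are assumptions for illustration.

# Print each regular file named fm_fls under the given root that has the
# setuid bit set (-perm -4000). Unreadable directories are skipped quietly.
find_setuid_fm_fls() {
    root=${1:-/}
    find "$root" -type f -name fm_fls -perm -4000 -print 2>/dev/null
}

# Record the current owner and mode of each match for the change log, then
# remove the setuid bit. Other setuid programs are left alone.
# Returns 0 when no setuid fm_fls remains under the root, 1 otherwise.
strip_fm_fls_setuid() {
    root=${1:-/}
    find "$root" -type f -name fm_fls -perm -4000 \
        -exec ls -l {} \; \
        -exec chmod u-s {} \; 2>/dev/null
    [ -z "$(find_setuid_fm_fls "$root")" ]
}
```

Run `find_setuid_fm_fls /path/to/install` first to review what would change, then `strip_fm_fls_setuid /path/to/install` as a user allowed to change the files' modes.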